Edit tour

Windows Analysis Report
Quarantined Messages (1).zip

Overview

General Information

Sample name:	Quarantined Messages (1).zip
Analysis ID:	1542039
MD5:	ad3972b3fe62c428c9c2ef0c7d4bbb82
SHA1:	e379ec9f1251444b4edb2ea6a5ff5334a939b480
SHA256:	0c63c4ae4ef875acfff612bbfa16770d13de8197415df4136d2ab678f0c2bcd4
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for dropped file

Yara detected HtmlPhish10

Yara detected HtmlPhish44

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Outlook Security Settings Updated - Registry

Stores files to the Windows start menu directory

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64_ra

rundll32.exe (PID: 6944 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

OUTLOOK.EXE (PID: 3700 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Quarantined Messages (1)\b013e97a-82ac-47e2-7d71-08dcf47b0758\0e7d1db5-47bc-5f6e-656b-d3675529b6d6.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6996 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9CA74039-B771-4B3F-B00D-C96353AB08AD" "FD2F9C2B-C426-4778-9DB9-81A63FFABB3E" "3700" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 3424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1844,i,486642544156839337,13339508232561496994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement (002).html	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement.html	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3700, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Sigma detected: Outlook Security Settings Updated - Registry

Source: Registry Key set

Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3700, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

ETPRO PHISHING Possible Successful Generic Phish July 28

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T13:42:20.406952+0200	2812237	1	Successful Credential Theft Detected	192.168.2.16	49745	185.221.216.128	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement (002).html	Avira: detection malicious, Label: HTML/Infected.WebPage.Gen2
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement.html	Avira: detection malicious, Label: HTML/Infected.WebPage.Gen2
Source: C:\Users\user\AppData\Local\Temp\olk28EA.tmp	Avira: detection malicious, Label: HTML/Infected.WebPage.Gen2

Phishing

AI detected phishing page

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P260A8DK/SignedContractAgreement.html

LLM: Score: 10 Reasons: HTML file with login form DOM: 1.0.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement (002).html, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement.html, type: DROPPED

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P260A8DK/SignedContractAgreement.html	HTTP Parser: Number of links: 1
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1594824447%26rver%3d7.0.6737.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253d096991c0-c96c-6a4e-6fe9-e91b0da948f1%26id%3d292841%26aadredir%3d1%26CBCXT%3dout%26lw%3d1%26fl%3ddob%252cflname%252cwld%26cobrandid%3d90015%26contextid%3d2C688CEDDDA7EE22%26bk%3d1594880420&id=292841&uiflavor=web&cobrandid=90015&uaid=657745d4db72409899b7bb19b09796de&mkt=EN-GB&lc=2057&bk=1594880420#	HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P260A8DK/SignedContractAgreement.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P260A8DK/SignedContractAgreement.html

HTTP Parser: Title: Official Document does not match URL

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P260A8DK/SignedContractAgreement.html

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P260A8DK/SignedContractAgreement.html

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P260A8DK/SignedContractAgreement.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P260A8DK/SignedContractAgreement.html	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1594824447%26rver%3d7.0.6737.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253d096991c0-c96c-6a4e-6fe9-e91b0da948f1%26id%3d292841%26aadredir%3d1%26CBCXT%3dout%26lw%3d1%26fl%3ddob%252cflname%252cwld%26cobrandid%3d90015%26contextid%3d2C688CEDDDA7EE22%26bk%3d1594880420&id=292841&uiflavor=web&cobrandid=90015&uaid=657745d4db72409899b7bb19b09796de&mkt=EN-GB&lc=2057&bk=1594880420#	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1594824447%26rver%3d7.0.6737.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253d096991c0-c96c-6a4e-6fe9-e91b0da948f1%26id%3d292841%26aadredir%3d1%26CBCXT%3dout%26lw%3d1%26fl%3ddob%252cflname%252cwld%26cobrandid%3d90015%26contextid%3d2C688CEDDDA7EE22%26bk%3d1594880420&id=292841&uiflavor=web&cobrandid=90015&uaid=657745d4db72409899b7bb19b09796de&mkt=EN-GB&lc=2057&bk=1594880420#	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P260A8DK/SignedContractAgreement.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/P260A8DK/SignedContractAgreement.html	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1594824447%26rver%3d7.0.6737.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253d096991c0-c96c-6a4e-6fe9-e91b0da948f1%26id%3d292841%26aadredir%3d1%26CBCXT%3dout%26lw%3d1%26fl%3ddob%252cflname%252cwld%26cobrandid%3d90015%26contextid%3d2C688CEDDDA7EE22%26bk%3d1594880420&id=292841&uiflavor=web&cobrandid=90015&uaid=657745d4db72409899b7bb19b09796de&mkt=EN-GB&lc=2057&bk=1594880420#	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1594824447%26rver%3d7.0.6737.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253d096991c0-c96c-6a4e-6fe9-e91b0da948f1%26id%3d292841%26aadredir%3d1%26CBCXT%3dout%26lw%3d1%26fl%3ddob%252cflname%252cwld%26cobrandid%3d90015%26contextid%3d2C688CEDDDA7EE22%26bk%3d1594880420&id=292841&uiflavor=web&cobrandid=90015&uaid=657745d4db72409899b7bb19b09796de&mkt=EN-GB&lc=2057&bk=1594880420#	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49744 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 104.18.10.207 104.18.10.207
Source: Joe Sandbox View	IP Address: 104.18.10.207 104.18.10.207
Source: Joe Sandbox View	IP Address: 13.107.246.67 13.107.246.67

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: Network traffic

Suricata IDS: 2812237 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish July 28 : 192.168.2.16:49745 -> 185.221.216.128:443

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6L4s9PSHTBpgUVm&MD=GxUZchm+ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: nullsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6L4s9PSHTBpgUVm&MD=GxUZchm+ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en-gb_YGuA5M2JeZTG051RaehFAQ2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en-gb_YGuA5M2JeZTG051RaehFAQ2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_077217740c853b5d4fe8.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_077217740c853b5d4fe8.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: kit.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: kit-free.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ka-f.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: encastillas.za.com
Source: global traffic	DNS traffic detected: DNS query: account.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: chromecache_113.15.dr, chromecache_117.15.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.aadrm.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.aadrm.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.cortana.ai
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.microsoftstream.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.office.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.onedrive.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://api.scheduler.
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://app.powerbi.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://augloop.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://augloop.office.com/v2
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://canary.designerapp.
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cdn.entity.
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://clients.config.office.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://clients.config.office.net/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cortana.ai
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cortana.ai/api
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://cr.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://d.docs.live.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://designerapp.azurewebsites.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://designerappservice.officeapps.live.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://dev.cortana.ai
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://devnull.onenote.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://directory.services.
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ecs.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://edge.skype.com/rps
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: chromecache_93.15.dr, chromecache_101.15.dr, chromecache_99.15.dr, chromecache_106.15.dr, chromecache_111.15.dr, chromecache_105.15.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_93.15.dr, chromecache_101.15.dr, chromecache_99.15.dr, chromecache_106.15.dr, chromecache_111.15.dr, chromecache_105.15.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: chromecache_96.15.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v22/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2)
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: chromecache_109.15.dr, chromecache_120.15.dr, chromecache_98.15.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_109.15.dr, chromecache_120.15.dr, chromecache_98.15.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_120.15.dr, chromecache_98.15.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://graph.windows.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://graph.windows.net/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ic3.teams.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://invites.office.com/
Source: chromecache_119.15.dr, chromecache_121.15.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: chromecache_119.15.dr, chromecache_121.15.dr	String found in binary or memory: https://kit.fontawesome.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://lifecycle.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://login.microsoftonline.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://login.windows.local
Source: OUTLOOK_16_0_16827_20130-20241025T0741480400-3700.etl.11.dr	String found in binary or memory: https://login.windows.localMiR
Source: OUTLOOK_16_0_16827_20130-20241025T0741480400-3700.etl.11.dr	String found in binary or memory: https://login.windows.localR
Source: OUTLOOK_16_0_16827_20130-20241025T0741480400-3700.etl.11.dr	String found in binary or memory: https://login.windows.localnull
Source: OUTLOOK_16_0_16827_20130-20241025T0741480400-3700.etl.11.dr	String found in binary or memory: https://login.windows.localnullD
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://make.powerautomate.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://management.azure.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://management.azure.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://messaging.action.office.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://messaging.office.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://mss.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ncus.contentsync.
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://officeapps.live.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://officepyservice.office.net/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://onedrive.live.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://outlook.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://outlook.office.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://outlook.office365.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://outlook.office365.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://powerlift.acompli.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://res.cdn.office.net
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://service.powerapps.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://settings.outlook.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://staging.cortana.ai
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://substrate.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://tasks.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://webshell.suite.office.com
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://wus2.contentsync.
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	String found in binary or memory: https://www.yammer.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49744 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.winZIP@19/83@32/12

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241025T0741480400-3700.etl

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Quarantined Messages (1)\b013e97a-82ac-47e2-7d71-08dcf47b0758\0e7d1db5-47bc-5f6e-656b-d3675529b6d6.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9CA74039-B771-4B3F-B00D-C96353AB08AD" "FD2F9C2B-C426-4778-9DB9-81A63FFABB3E" "3700" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1844,i,486642544156839337,13339508232561496994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9CA74039-B771-4B3F-B00D-C96353AB08AD" "FD2F9C2B-C426-4778-9DB9-81A63FFABB3E" "3700" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement.html	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1844,i,486642544156839337,13339508232561496994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.14.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.14.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.14.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.14.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.14.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.14.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1

Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Modify Registry	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 Rundll32	Security Account Manager	14 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement (002).html	100%	Avira	HTML/Infected.WebPage.Gen2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement.html	100%	Avira	HTML/Infected.WebPage.Gen2
C:\Users\user\AppData\Local\Temp\olk28EA.tmp	100%	Avira	HTML/Infected.WebPage.Gen2

Source	Detection	Scanner	Label
https://shell.suite.office.com:1443	0%	URL Reputation	safe
https://designerapp.azurewebsites.net	0%	URL Reputation	safe
https://autodiscover-s.outlook.com/	0%	URL Reputation	safe
https://useraudit.o365auditrealtimeingestion.manage.office.com	0%	URL Reputation	safe
https://code.jquery.com/jquery-3.2.1.slim.min.js	0%	URL Reputation	safe
https://outlook.office365.com/connectors	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://lookup.onenote.com/lookup/geolocation/v1	0%	URL Reputation	safe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://fontawesome.com	0%	URL Reputation	safe
https://canary.designerapp.	0%	URL Reputation	safe
https://www.yammer.com	0%	URL Reputation	safe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	0%	URL Reputation	safe
https://cr.office.com	0%	URL Reputation	safe
https://messagebroker.mobile.m365.svc.cloud.microsoft	0%	URL Reputation	safe
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	0%	URL Reputation	safe
https://edge.skype.com/registrar/prod	0%	URL Reputation	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://tasks.office.com	0%	URL Reputation	safe
https://officeci.azurewebsites.net/api/	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://edge.skype.com/rps	0%	URL Reputation	safe
https://messaging.engagement.office.com/	0%	URL Reputation	safe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://api.powerbi.com/v1.0/myorg/groups	0%	URL Reputation	safe
https://web.microsoftstream.com/video/	0%	URL Reputation	safe
https://api.addins.store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://graph.windows.net	0%	URL Reputation	safe
https://consent.config.office.com/consentcheckin/v1.0/consents	0%	URL Reputation	safe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices	0%	URL Reputation	safe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	0%	URL Reputation	safe
https://safelinks.protection.outlook.com/api/GetPolicy	0%	URL Reputation	safe
https://ncus.contentsync.	0%	URL Reputation	safe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	0%	URL Reputation	safe
http://weather.service.msn.com/data.aspx	0%	URL Reputation	safe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	0%	URL Reputation	safe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	0%	URL Reputation	safe
https://mss.office.com	0%	URL Reputation	safe
https://pushchannel.1drv.ms	0%	URL Reputation	safe
https://wus2.contentsync.	0%	URL Reputation	safe
https://clients.config.office.net/user/v1.0/ios	0%	URL Reputation	safe
https://api.addins.omex.office.net/api/addins/search	0%	URL Reputation	safe
https://ka-f.fontawesome.com	0%	URL Reputation	safe
https://outlook.office365.com/api/v1.0/me/Activities	0%	URL Reputation	safe
https://clients.config.office.net/user/v1.0/android/policies	0%	URL Reputation	safe
https://entitlement.diagnostics.office.com	0%	URL Reputation	safe
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json	0%	URL Reputation	safe
https://fontawesome.com/license/free	0%	URL Reputation	safe
https://login.microsoftonline.com	0%	URL Reputation	safe
https://substrate.office.com/search/api/v1/SearchHistory	0%	URL Reputation	safe
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation	0%	URL Reputation	safe
https://service.powerapps.com	0%	URL Reputation	safe
https://graph.windows.net/	0%	URL Reputation	safe
https://devnull.onenote.com	0%	URL Reputation	safe
https://messaging.office.com/	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing	0%	URL Reputation	safe
https://skyapi.live.net/Activity/	0%	URL Reputation	safe
https://messaging.action.office.com/setcampaignaction	0%	URL Reputation	safe
https://visio.uservoice.com/forums/368202-visio-on-devices	0%	URL Reputation	safe
https://code.jquery.com/jquery-3.1.1.min.js	0%	URL Reputation	safe
https://staging.cortana.ai	0%	URL Reputation	safe
https://augloop.office.com	0%	URL Reputation	safe
https://api.diagnosticssdf.office.com/v2/file	0%	URL Reputation	safe
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory	0%	URL Reputation	safe
https://officepyservice.office.net/	0%	URL Reputation	safe
https://api.diagnostics.office.com	0%	URL Reputation	safe
https://kit.fontawesome.com	0%	URL Reputation	safe
https://store.office.de/addinstemplate	0%	URL Reputation	safe
https://wus2.pagecontentsync.	0%	URL Reputation	safe
https://api.powerbi.com/v1.0/myorg/datasets	0%	URL Reputation	safe
https://cortana.ai/api	0%	URL Reputation	safe
https://api.diagnosticssdf.office.com	0%	URL Reputation	safe
https://login.microsoftonline.com/	0%	URL Reputation	safe
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize	0%	URL Reputation	safe
https://api.addins.omex.office.net/appinfo/query	0%	URL Reputation	safe
https://clients.config.office.net/user/v1.0/tenantassociationkey	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0016.t-0009.t-msedge.net	13.107.246.44	true	false	unknown
code.jquery.com	151.101.66.137	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
sni1gl.wpc.alphacdn.net	152.199.21.175	true	false	unknown
maxcdn.bootstrapcdn.com	104.18.10.207	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
www.google.com	142.250.186.36	true	false	unknown
encastillas.za.com	185.221.216.128	true	false	unknown
s-part-0039.t-0009.t-msedge.net	13.107.246.67	true	false	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
kit-free.fontawesome.com	unknown	unknown	false	unknown
ka-f.fontawesome.com	unknown	unknown	false	unknown
kit.fontawesome.com	unknown	unknown	false	unknown
logincdn.msftauth.net	unknown	unknown	false	unknown
account.live.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-3.2.1.slim.min.js	false	URL Reputation: safe	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false	URL Reputation: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://shell.suite.office.com:1443	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://designerapp.azurewebsites.net	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://autodiscover-s.outlook.com/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://outlook.office365.com/connectors	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://cdn.entity.	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://login.windows.localnull	OUTLOOK_16_0_16827_20130-20241025T0741480400-3700.etl.11.dr	false		unknown
https://rpsticket.partnerservices.getmicrosoftkey.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://lookup.onenote.com/lookup/geolocation/v1	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.aadrm.com/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://fontawesome.com	chromecache_93.15.dr, chromecache_101.15.dr, chromecache_99.15.dr, chromecache_106.15.dr, chromecache_111.15.dr, chromecache_105.15.dr	false	URL Reputation: safe	unknown
https://canary.designerapp.	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_120.15.dr, chromecache_98.15.dr	false		unknown
https://www.yammer.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.microsoftstream.com/api/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false		unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://cr.office.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://messagebroker.mobile.m365.svc.cloud.microsoft	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://otelrules.svc.static.microsoft	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false		unknown
https://edge.skype.com/registrar/prod	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://res.getmicrosoftkey.com/api/redemptionevents	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://tasks.office.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://login.windows.localR	OUTLOOK_16_0_16827_20130-20241025T0741480400-3700.etl.11.dr	false		unknown
https://officeci.azurewebsites.net/api/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://my.microsoftpersonalcontent.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false		unknown
https://store.office.cn/addinstemplate	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://edge.skype.com/rps	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://messaging.engagement.office.com/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://www.odwebp.svc.ms	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.powerbi.com/v1.0/myorg/groups	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://web.microsoftstream.com/video/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.addins.store.officeppe.com/addinstemplate	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://graph.windows.net	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://login.windows.localnullD	OUTLOOK_16_0_16827_20130-20241025T0741480400-3700.etl.11.dr	false		unknown
https://consent.config.office.com/consentcheckin/v1.0/consents	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://d.docs.live.net	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false		unknown
https://safelinks.protection.outlook.com/api/GetPolicy	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://ncus.contentsync.	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_109.15.dr, chromecache_120.15.dr, chromecache_98.15.dr	false		unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
http://weather.service.msn.com/data.aspx	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://mss.office.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://pushchannel.1drv.ms	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://wus2.contentsync.	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/ios	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.addins.omex.office.net/api/addins/search	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://ka-f.fontawesome.com	chromecache_119.15.dr, chromecache_121.15.dr	false	URL Reputation: safe	unknown
https://outlook.office365.com/api/v1.0/me/Activities	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/android/policies	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://entitlement.diagnostics.office.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false		unknown
https://storage.live.com/clientlogs/uploadlocation	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false		unknown
https://fontawesome.com/license/free	chromecache_93.15.dr, chromecache_101.15.dr, chromecache_99.15.dr, chromecache_106.15.dr, chromecache_111.15.dr, chromecache_105.15.dr	false	URL Reputation: safe	unknown
https://login.microsoftonline.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://substrate.office.com/search/api/v1/SearchHistory	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://service.powerapps.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://graph.windows.net/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://devnull.onenote.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://messaging.office.com/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://skyapi.live.net/Activity/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.cortana.ai	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false		unknown
https://messaging.action.office.com/setcampaignaction	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://visio.uservoice.com/forums/368202-visio-on-devices	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://staging.cortana.ai	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://onedrive.live.com/embed?	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false		unknown
https://augloop.office.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.diagnosticssdf.office.com/v2/file	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://officepyservice.office.net/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.diagnostics.office.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://kit.fontawesome.com	chromecache_119.15.dr, chromecache_121.15.dr	false	URL Reputation: safe	unknown
https://store.office.de/addinstemplate	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://getbootstrap.com)	chromecache_109.15.dr, chromecache_120.15.dr, chromecache_98.15.dr	false		unknown
https://login.windows.localMiR	OUTLOOK_16_0_16827_20130-20241025T0741480400-3700.etl.11.dr	false		unknown
https://wus2.pagecontentsync.	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.powerbi.com/v1.0/myorg/datasets	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://cortana.ai/api	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.diagnosticssdf.office.com	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://login.microsoftonline.com/	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://api.addins.omex.office.net/appinfo/query	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/tenantassociationkey	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://powerlift.acompli.net	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://cortana.ai	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	A6552BDB-637B-4B80-9BF4-9E8A44188DD8.11.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
13.107.246.67	s-part-0039.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.44	s-part-0016.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
185.221.216.128	encastillas.za.com	United Kingdom	393960	HOST4GEEKS-LLCUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542039
Start date and time:	2024-10-25 13:40:56 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Quarantined Messages (1).zip
Detection:	MAL
Classification:	mal72.phis.winZIP@19/83@32/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .zip

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 217.20.57.18, 52.109.28.46, 52.113.194.132, 52.109.68.129, 2.19.126.160, 2.19.126.151, 52.109.76.144, 52.182.141.63, 216.58.206.67, 142.250.186.78, 66.102.1.84, 142.250.185.138, 172.64.147.188, 104.18.40.68, 142.250.186.42, 104.21.51.18, 172.67.218.119, 172.217.16.131, 34.104.35.123, 216.58.206.42, 104.21.26.223, 172.67.139.119, 2.23.209.171, 2.23.209.164, 2.23.209.173, 2.23.209.177, 2.23.209.169, 2.23.209.166, 2.23.209.176, 2.23.209.174, 2.23.209.168, 2.23.209.189, 2.23.209.133, 2.23.209.193, 2.23.209.190, 2.23.209.134, 2.23.209.130, 2.23.209.136, 2.23.209.132, 2.23.209.192, 20.189.173.1, 13.107.42.22, 172.217.16.202, 216.58.206.74, 216.58.212.170, 142.250.185.106, 142.250.185.202, 142.250.185.170, 142.250.186.170, 142.250.185.234, 142.250.181.234, 142.250.185.74, 142.250.186.74, 172.217.23.106, 142.250.184.234, 40.79.167.8, 13.89.179.14, 13.89.179.10, 142.250.185.163, 20.189.173.27, 172.217.18.14
Excluded domains from analysis (whitelisted): onedscolprdwus00.westus.cloudapp.azure.com, lgincdnmsftuswe2.azureedge.net, odc.officeapps.live.com, ka-f.fontawesome.com.cdn.cloudflare.net, slscr.update.microsoft.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, onedscolprdwus21.westus.cloudapp.azure.com, kit-free.fontawesome.com.cdn.cloudflare.net, update.googleapis.com, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, a1864.dscd.akamai.net, osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com, ecs.office.com, fonts.googleapis.com, fs.microsoft.com, acctcdnmsftuswe2.azureedge.net, content-autofill.googleapis.com, ajax.googleapis.com, onedscolprdaue02.australiaeast.cloudapp.azure.com, lgincdnvzeuno.ec.azureedge.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, edgedl.me.gvt1.com, s-0005.s-msedge.net, account.msa.msidentity.com, onedscolprdcus18.centralus.cloudapp.azure.com,
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Quarantined Messages (1).zip

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.18.10.207	http://desifoodcorner.wb4.xyz/	Get hash	malicious	Unknown	Browse	maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
	SecuriteInfo.com.Exploit.Siggen3.17149.11632.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.6905.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.32268.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.6905.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.4633.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.21631.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
	SecuriteInfo.com.Exploit.Siggen3.17149.14541.xls	Get hash	malicious	Unknown	Browse	netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
13.107.246.67	Inv Confirmation.htm	Get hash	malicious	HTMLPhisher	Browse
	SecuriteInfo.com.Other.Malware-gen.26961.24680.xlsx	Get hash	malicious	Unknown	Browse
	https://8jkfw9cqp7ep.z13.web.core.windows.net/?zpbid=78432_55610c1d-9229-11ef-824f-03718b6de7bb#	Get hash	malicious	HTMLPhisher, TechSupportScam	Browse
	EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg	Get hash	malicious	Unknown	Browse
	https://1drv.ms/o/c/3e563d3fb2a98d1c/Emlo5KUbYYNEvKtIF-7SS0EBYSeT3hOOGuv_MbeT-n2y4g?e=HPjqUn	Get hash	malicious	HtmlDropper	Browse
	https://chiquitzinbb.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWQxbDZOVGc9JnVpZD1VU0VSMTYxMDIwMjRVMTExMDE2NDc=N0123N	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse
	https://chiquitzinbb.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWQxbDZOVGc9JnVpZD1VU0VSMTYxMDIwMjRVMTExMDE2NDc=N0123N	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse
	https://t.ly/2jKWO	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse
	PayrolNotificationBenefit_.html	Get hash	malicious	Mamba2FA	Browse
	https://www.pumpproducts.com/goulds-lb0735te-centrifugal-booster-pump-3-4-hp-208-230-460-volts-3-phase-1-1-4-npt-suction-1-npt-discharge-18-gpm-max-176-ft-max-head-5-impeller-tefc-stainless-steel-pump-end-casing.html	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0016.t-0009.t-msedge.net	Review_&_Aprove_Your_Next_Payroll72588.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.44
	Inv Confirmation.htm	Get hash	malicious	HTMLPhisher	Browse	13.107.246.44
	https://t.ly/8Lgfk	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.44
	PO 635614 635613_CQDM.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.44
	https://forsa.zyotina.com/	Get hash	malicious	Unknown	Browse	13.107.246.44
	https://docsend.com/view/gb9whc4k6gn6chkz&c=E,1,wGDGKBMueFLKpJs-qPSCh29y_I5pYyQPDuFeaCJFxrOAE1Kun3vTUMTaIbXig6FBfJSuG3tOPwokmZR5pHF_m4WM-RKKIiqLy4X55qIZUK1djA8,&typo=1	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.44
	https://cbmaterialhandling-dot-e19102a760e0e171ae4c33af96136.df.r.appspot.com/	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	13.107.246.44
	Ageeconstruction -_(BENEFIT INSTRUCTIONS)_.docx	Get hash	malicious	Mamba2FA	Browse	13.107.246.44
	https://www.cyfirma.com/research/exploiting-document-templates-stego-campaign-deploying-remcos-rat-and-agent-tesla/	Get hash	malicious	Unknown	Browse	13.107.246.44
	9160074916_Payoff_Statement.html	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.44
cdnjs.cloudflare.com	Fax_Message_04 September, 202411_21_58 AM_564308269612697.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTMUtQZ0krRFhobktOS05RSWpVMTZIYzk3b3hOUTBoZ2VYdnAzM21wZnYwMVBmdGN0MW12M09qVmMzbnNVeVpkeXBxeHVGd2V4eDRvVlZ5dERsakpjbGV3ZVZxRVhlZ0F6Q3hwQlptYUUyRFhHRzY3YkRXQ3hjWmhBZDBpMkNpakJDSnhzUG9xa2k2ZkdacVpDZVhFVFppeUJLcHJIaC0teVVJeERBTFd0K3k3b01rYS0tRk9zSWNIVEd0blVHZVlhTlFnVUxldz09?cid=2242420613	Get hash	malicious	Unknown	Browse	104.17.24.14
	http://toungeassociates-sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://www.xn--invitacionesdecumpleaos-dic.org/	Get hash	malicious	Unknown	Browse	104.17.25.14
	http://www.ncimusic.com/	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://www.google.co.uk/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fwe4uproducts.com/cbb/lld/jjg/5BVvnI7cfJ4HfuhWZvVda7dK/am9yZGFuLmJsYWNrQGxlYXJmaWVsZC5jb20=	Get hash	malicious	Unknown	Browse	104.17.24.14
	Review_&_Aprove_Your_Next_Payroll72588.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0	Get hash	malicious	Phisher	Browse	104.17.24.14
	https://onlinepdf-qrsharedfile.com/index.html#XYW5uaWUua3lwcmlhbm91QGxjYXR0ZXJ0b24uY29t	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://t.ly/8Lgfk	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	104.17.25.14
code.jquery.com	ES Ny kontraktsrunda.msg	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://klickskydd.skolverket.org/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24DEB977%25211517%26authkey%3D%2521AMV6sdjMIZf95vs%26page%3DView%26wd%3Dtarget%2528Quick%2520Notes.one%257C8266a05f-045a-4cc0-bddc-4debc90069bb%252FNotera%2520H6TYD9J4rDFDFECZC-HUYW%257Ca949d04d-b4e2-4509-b99f-d04546199b7b%252F%2529%26wdorigin%3DNavigationUrl&id=71de&rcpt=johan.brandt@skolverket.se&tss=1729830791&msgid=2d0ccdeb-928a-11ef-8a2e-0050569b0508&html=1&h=008c08c0	Get hash	malicious	Unknown	Browse	151.101.130.137
	http://scansourcce.com/	Get hash	malicious	Unknown	Browse	151.101.2.137
	https://www.google.co.uk/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fwe4uproducts.com/cbb/lld/jjg/5BVvnI7cfJ4HfuhWZvVda7dK/am9yZGFuLmJsYWNrQGxlYXJmaWVsZC5jb20=	Get hash	malicious	Unknown	Browse	151.101.194.137
	phish_alert_sp2_2.0.0.0 (1).eml	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://8jkfw9cqp7ep.z13.web.core.windows.net/?zpbid=78432_55610c1d-9229-11ef-824f-03718b6de7bb#	Get hash	malicious	HTMLPhisher, TechSupportScam	Browse	151.101.2.137
	_Play__New__VM__01min 04sec____ATT2006587654 (Randiwestbrook) .htm	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg	Get hash	malicious	Unknown	Browse	151.101.66.137
	https://egift.activationshub.com/gift-card/view/8lPFUrjq1LGzg7JHwS8hJJRdL	Get hash	malicious	Unknown	Browse	151.101.194.137
	http://hybrid-web.global.blackspider.com/urlwrap/?q=AXicLU67UsMwEFQBX0Gf0pbtkywxowHLiZgUDEXoGVmRjbFlJX4wk4bPgT-kJgpp9u72dnb35hZ9_SB0943Q2J8S1kTT-Bk53fbGD_Po-8h4h4C_yGb70WGgwAjaOz_q4TFAY41fhvk0mSXyY4Pe5_kw3cdxP3RRa-M8k0-72IqHZXZvRruDbptBrMLl7L5dnLAh60JMfhmNFbb3x0VfmFDBDrPYPO9Wtj--jtp0271IeaVxWlvNawq24rrmlPAKkyw3hGoetMLaNOFnloGugFFS1QmrM3IGAKg1DSLdBrM0veyzSMIsryXPOUnO_1-dYIUisgSKsdoknOWcZiBlmSvMVaZwLouSpIqRslBScsxYCkWZQUkobEByul4riRAivwj9ATUqckw&Z	Get hash	malicious	Unknown	Browse	151.101.130.137

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	3WffcqLN3q.exe	Get hash	malicious	Stealc, Vidar	Browse	40.126.32.136
	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	22.57.84.90
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	21.233.224.110
	https://developmentltd.online/	Get hash	malicious	Captcha Phish	Browse	51.141.97.243
	https://docs.google.com/drawings/d/16aLMbL32wnhWFCR-cOQsVjZ_IjkqNuDyBIYT5G0hJjI/preview?pli=1M6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67n	Get hash	malicious	HTMLPhisher	Browse	40.99.150.82
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	191.235.128.61
	la.bot.arm5.elf	Get hash	malicious	Mirai	Browse	40.75.143.117
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	20.246.165.95
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	51.117.28.149
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	21.7.101.90
MICROSOFT-CORP-MSN-AS-BLOCKUS	3WffcqLN3q.exe	Get hash	malicious	Stealc, Vidar	Browse	40.126.32.136
	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	22.57.84.90
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	21.233.224.110
	https://developmentltd.online/	Get hash	malicious	Captcha Phish	Browse	51.141.97.243
	https://docs.google.com/drawings/d/16aLMbL32wnhWFCR-cOQsVjZ_IjkqNuDyBIYT5G0hJjI/preview?pli=1M6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67n	Get hash	malicious	HTMLPhisher	Browse	40.99.150.82
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	191.235.128.61
	la.bot.arm5.elf	Get hash	malicious	Mirai	Browse	40.75.143.117
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	20.246.165.95
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	51.117.28.149
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	21.7.101.90
MICROSOFT-CORP-MSN-AS-BLOCKUS	3WffcqLN3q.exe	Get hash	malicious	Stealc, Vidar	Browse	40.126.32.136
	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	22.57.84.90
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	21.233.224.110
	https://developmentltd.online/	Get hash	malicious	Captcha Phish	Browse	51.141.97.243
	https://docs.google.com/drawings/d/16aLMbL32wnhWFCR-cOQsVjZ_IjkqNuDyBIYT5G0hJjI/preview?pli=1M6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67n	Get hash	malicious	HTMLPhisher	Browse	40.99.150.82
	la.bot.sparc.elf	Get hash	malicious	Unknown	Browse	191.235.128.61
	la.bot.arm5.elf	Get hash	malicious	Mirai	Browse	40.75.143.117
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	20.246.165.95
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	51.117.28.149
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	21.7.101.90
CLOUDFLARENETUS	Fax_Message_04 September, 202411_21_58 AM_564308269612697.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://developmentltd.online/	Get hash	malicious	Captcha Phish	Browse	1.1.1.1
	https://docs.google.com/drawings/d/16aLMbL32wnhWFCR-cOQsVjZ_IjkqNuDyBIYT5G0hJjI/preview?pli=1M6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67nP7OXV3HvrtT5dsO5ZTZeQKw2TuFqTYPJfDODqRTQMZxM6Qg67n	Get hash	malicious	HTMLPhisher	Browse	104.21.49.204
	https://gf5q.sqpbij.shop/?c2V0aC5wZW1iZXJAYXV0b3BhcnRpbnRsLmNvbTp3NThyNg	Get hash	malicious	HTMLPhisher	Browse	104.26.13.205
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	104.21.118.12
	https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf	Get hash	malicious	Unknown	Browse	1.1.1.1
	yGktPvplJn.exe	Get hash	malicious	Pushdo	Browse	188.114.96.3
	ES Ny kontraktsrunda.msg	Get hash	malicious	Unknown	Browse	172.67.167.62
	https://klickskydd.skolverket.org/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24DEB977%25211517%26authkey%3D%2521AMV6sdjMIZf95vs%26page%3DView%26wd%3Dtarget%2528Quick%2520Notes.one%257C8266a05f-045a-4cc0-bddc-4debc90069bb%252FNotera%2520H6TYD9J4rDFDFECZC-HUYW%257Ca949d04d-b4e2-4509-b99f-d04546199b7b%252F%2529%26wdorigin%3DNavigationUrl&id=71de&rcpt=johan.brandt@skolverket.se&tss=1729830791&msgid=2d0ccdeb-928a-11ef-8a2e-0050569b0508&html=1&h=008c08c0	Get hash	malicious	Unknown	Browse	104.16.123.96
	https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0	Get hash	malicious	Unknown	Browse	104.16.231.132

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	Fax_Message_04 September, 202411_21_58 AM_564308269612697.htm	Get hash	malicious	HTMLPhisher	Browse	52.149.20.212 184.28.90.27 20.190.159.71
	https://gf5q.sqpbij.shop/?c2V0aC5wZW1iZXJAYXV0b3BhcnRpbnRsLmNvbTp3NThyNg	Get hash	malicious	HTMLPhisher	Browse	52.149.20.212 184.28.90.27 20.190.159.71
	https://onedrive.live.com/redir?resid=A2C259BD24DEB977%211517&authkey=%21AMV6sdjMIZf95vs&page=View&wd=target%28Quick%20Notes.one%7C8266a05f-045a-4cc0-bddc-4debc90069bb%2FNotera%20H6TYD9J4rDFDFECZC-HUYW%7Ca949d04d-b4e2-4509-b99f-d04546199b7b%2F%29&wdorigin=NavigationUrl	Get hash	malicious	Unknown	Browse	52.149.20.212 184.28.90.27 20.190.159.71
	ES Ny kontraktsrunda.msg	Get hash	malicious	Unknown	Browse	52.149.20.212 184.28.90.27 20.190.159.71
	https://klickskydd.skolverket.org/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24DEB977%25211517%26authkey%3D%2521AMV6sdjMIZf95vs%26page%3DView%26wd%3Dtarget%2528Quick%2520Notes.one%257C8266a05f-045a-4cc0-bddc-4debc90069bb%252FNotera%2520H6TYD9J4rDFDFECZC-HUYW%257Ca949d04d-b4e2-4509-b99f-d04546199b7b%252F%2529%26wdorigin%3DNavigationUrl&id=71de&rcpt=johan.brandt@skolverket.se&tss=1729830791&msgid=2d0ccdeb-928a-11ef-8a2e-0050569b0508&html=1&h=008c08c0	Get hash	malicious	Unknown	Browse	52.149.20.212 184.28.90.27 20.190.159.71
	https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0	Get hash	malicious	Unknown	Browse	52.149.20.212 184.28.90.27 20.190.159.71
	https://0nline1.fors3650com.site/?NTMtNGYyOS1hNDc1LTA	Get hash	malicious	HTMLPhisher	Browse	52.149.20.212 184.28.90.27 20.190.159.71
	sup.logical@gmail.com.exe	Get hash	malicious	Unknown	Browse	52.149.20.212 184.28.90.27 20.190.159.71
	SBVKQQFD9R.exe	Get hash	malicious	PureLog Stealer	Browse	52.149.20.212 184.28.90.27 20.190.159.71
	https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTMUtQZ0krRFhobktOS05RSWpVMTZIYzk3b3hOUTBoZ2VYdnAzM21wZnYwMVBmdGN0MW12M09qVmMzbnNVeVpkeXBxeHVGd2V4eDRvVlZ5dERsakpjbGV3ZVZxRVhlZ0F6Q3hwQlptYUUyRFhHRzY3YkRXQ3hjWmhBZDBpMkNpakJDSnhzUG9xa2k2ZkdacVpDZVhFVFppeUJLcHJIaC0teVVJeERBTFd0K3k3b01rYS0tRk9zSWNIVEd0blVHZVlhTlFnVUxldz09?cid=2242420613	Get hash	malicious	Unknown	Browse	52.149.20.212 184.28.90.27 20.190.159.71

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	231348
Entropy (8bit):	4.386193216308214
Encrypted:	false
SSDEEP:	1536:Q/YLI6gsoZN+v/3ZLgsggNcAz79ysQqt2G+iAqoQPZrcm0Fv0CZyQ0Bktt4CDTR6:V1gS3VgSmiGu2hqoQBrt0FvmxS5M1rSo
MD5:	C70B4BEDFF7B6EDA3CBD071077D15970
SHA1:	5B41E30189F0AE6361EA2850AA893101F6689530
SHA-256:	7D1F897A1928070078328E27C90119217DB2A2D4CD7FD68517C85DAB3423597F
SHA-512:	9DCDA8780BB2CEE7C159D1F467542090FCAFEDD02CC842E86E2CD6EE65EC9B1CD77BD96473E669C4B9BF61C200267FE37BF39F4161B50E8DF0A14612F090317C
Malicious:	false
Preview:	TH02...... .....&......SM01X...,........&..........IPM.Activity...........h...............h............H..h<.S.....3....h...........H..h\cal ...pDat...h.]..0.....S....h..v............h........_`Uk...h..v.@...I.lw...h....H...8.Zk...0....T...............d.........2h...............k..............!h.............. h..........S...#h....8.........$h.......8....."h`...........'h..e...........1h..v.<.........0h....4....Zk../h....h.....ZkH..h....p...<.S...-h ........S...+h..v....0.S................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 10:42:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9840042913813747
Encrypted:	false
SSDEEP:	48:8XQdKqsTqnO7H4UidAKZdA1FehwiZUklqehekJy+3:8Msjz/Yy
MD5:	64E1C4B5586C7FB661BEE7641E2FFB99
SHA1:	58B2E9166D18DE0AC810ED50FA130EAD3BFA38D3
SHA-256:	CF1443D719A835B44C80179B3ECC50D0A2A383E2155888C3DE1D3FDAF8DBA83D
SHA-512:	C2A12B362BFCCF3DB7A0F9430A3FA322C1E4E4846F9DDEE620608B738B7B65AC1F0D3AC6B48A1B39AEC665A781590D55C798B7ABF1E813098072BFF45BE325B4
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....y..&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IYY%]....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYYB]....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VYYB]....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VYYB]..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VYYC]...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-H.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	Zip archive data, at least v4.5 to extract, compression method=deflate
Entropy (8bit):	7.99881093120592
TrID:	ZIP compressed archive (8000/1) 100.00%
File name:	Quarantined Messages (1).zip
File size:	153'813 bytes
MD5:	ad3972b3fe62c428c9c2ef0c7d4bbb82
SHA1:	e379ec9f1251444b4edb2ea6a5ff5334a939b480
SHA256:	0c63c4ae4ef875acfff612bbfa16770d13de8197415df4136d2ab678f0c2bcd4
SHA512:	b14b51610465827144f80c3c958eea38d6805dfebcfd53adbff3728b5adfb98e0315b88b0090f228a79c3dfa49ebbfdf7bfd7c4b8ad9c84860d1ceac3d3b364e
SSDEEP:	3072:zJ+/dDf5gvHUg/+9PjJOKEVgEMQsFFgfnysFmGESkr/YwhTpK5l8bY9ZhGUot6HT:zJ+jgfT/qj6V1KFFOnnFOSkLYwI9ZYXE
TLSH:	5CE312FDF5DA4022BAACF487E771728D2834B25C2F10DBC6A5682A9D04D2E057E35972
File Content Preview:	PK..-......\YY.Z..........M...b013e97a-82ac-47e2-7d71-08dcf47b0758/0e7d1db5-47bc-5f6e-656b-d3675529b6d6.eml....+........W.........E../...t.h..c.+0.<....f.y.}zw5.u..c...i.....23..Z.\|...1NX.p....J/PC...Rj...K... U...;Y...}...M.._S....... .V.1......ZUFo*....

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 13:41:40.637947083 CEST	137	137	192.168.2.16	192.168.2.255
Oct 25, 2024 13:41:41.402024984 CEST	137	137	192.168.2.16	192.168.2.255
Oct 25, 2024 13:41:42.167145014 CEST	137	137	192.168.2.16	192.168.2.255
Oct 25, 2024 13:42:03.593286037 CEST	53	61884	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:03.857033014 CEST	53	49961	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:03.940896988 CEST	50849	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:03.941148996 CEST	61004	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:03.941473961 CEST	60664	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:03.941601992 CEST	53203	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:03.942373037 CEST	64019	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:03.942497969 CEST	54758	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:03.942884922 CEST	49825	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:03.942996979 CEST	57203	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:03.943428040 CEST	64885	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:03.943613052 CEST	54636	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:03.948513031 CEST	53	61004	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:03.948939085 CEST	53	50849	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:03.948950052 CEST	53	60664	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:03.948955059 CEST	53	50598	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:03.949982882 CEST	53	64097	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:03.950102091 CEST	53	53203	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:03.950112104 CEST	53	54758	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:03.953360081 CEST	53	54636	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:03.953547955 CEST	53	64885	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:04.881589890 CEST	54155	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:04.881589890 CEST	52596	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:04.889442921 CEST	53	54155	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:04.889628887 CEST	53	52596	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:04.933568954 CEST	54676	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:04.933696985 CEST	51930	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:04.941988945 CEST	53	51930	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:05.085272074 CEST	56584	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:05.085393906 CEST	62006	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:05.094367027 CEST	53	56584	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:05.094469070 CEST	53	62006	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:05.156585932 CEST	53	61542	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:05.177644014 CEST	62549	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:05.177715063 CEST	50792	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:05.186660051 CEST	53	50792	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:05.186702013 CEST	53	62549	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:05.716502905 CEST	53	49509	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:05.721482992 CEST	50872	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:05.721641064 CEST	52169	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:06.652929068 CEST	59192	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:06.653072119 CEST	63896	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:08.285799026 CEST	64501	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:08.285799026 CEST	55465	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:08.293060064 CEST	53	55465	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:08.293359041 CEST	53	64501	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:19.142615080 CEST	64976	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:19.142724991 CEST	58411	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:19.156300068 CEST	53	58411	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:19.158291101 CEST	53	64976	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:22.144124985 CEST	53	65459	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:27.629419088 CEST	64025	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:27.629710913 CEST	61091	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:29.032855034 CEST	63070	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:29.033096075 CEST	55026	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:29.040529013 CEST	53	63070	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:29.040884972 CEST	53	55026	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:30.611444950 CEST	138	138	192.168.2.16	192.168.2.255
Oct 25, 2024 13:42:31.857459068 CEST	59716	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:31.857590914 CEST	56664	53	192.168.2.16	1.1.1.1
Oct 25, 2024 13:42:31.911487103 CEST	53	57417	1.1.1.1	192.168.2.16
Oct 25, 2024 13:42:41.229119062 CEST	53	52897	1.1.1.1	192.168.2.16
Oct 25, 2024 13:43:03.487552881 CEST	53	51325	1.1.1.1	192.168.2.16
Oct 25, 2024 13:43:03.978909969 CEST	53	58292	1.1.1.1	192.168.2.16
Oct 25, 2024 13:43:32.071579933 CEST	53	53480	1.1.1.1	192.168.2.16

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:41:33 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-25 11:41:33 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=191009 Date: Fri, 25 Oct 2024 11:41:33 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:41:34 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-25 11:41:34 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=191008 Date: Fri, 25 Oct 2024 11:41:34 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-25 11:41:34 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:41:40 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6L4s9PSHTBpgUVm&MD=GxUZchm+ HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-25 11:41:40 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 26476b19-5bb8-42f7-8200-162e8c1adcb2 MS-RequestId: 0ddbbf2d-028d-4522-bf90-7da42315b2e4 MS-CV: 3AkFzJdM9EqqwbMI.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 25 Oct 2024 11:41:40 GMT Connection: close Content-Length: 24490
2024-10-25 11:41:40 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-25 11:41:40 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:41:55 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-10-25 11:41:55 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-25 11:41:55 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 25 Oct 2024 11:40:55 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BAY x-ms-request-id: 11fe0cae-9499-4da5-9bd7-a2c9adb1ed26 PPServer: PPV: 30 H: PH1PEPF0001B8B2 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 25 Oct 2024 11:41:54 GMT Connection: close Content-Length: 11392
2024-10-25 11:41:55 UTC	11392	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:41:57 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-10-25 11:41:57 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-25 11:41:57 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 25 Oct 2024 11:40:57 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_SN1 x-ms-request-id: 15fdb283-3d7c-48da-b405-dd1edb9fb1de PPServer: PPV: 30 H: SN1PEPF0002F9B8 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 25 Oct 2024 11:41:56 GMT Connection: close Content-Length: 11412
2024-10-25 11:41:57 UTC	11412	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:41:58 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-10-25 11:41:58 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-25 11:41:58 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 25 Oct 2024 11:40:58 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BL2 x-ms-request-id: efddd67a-d018-498e-b757-601fa3561ccf PPServer: PPV: 30 H: BL02EPF00027834 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 25 Oct 2024 11:41:58 GMT Connection: close Content-Length: 11412
2024-10-25 11:41:58 UTC	11412	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:00 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4762 Host: login.live.com
2024-10-25 11:42:00 UTC	4762	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-25 11:42:00 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 25 Oct 2024 11:41:00 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BAY x-ms-request-id: 61559f6c-7fe0-433c-9c4a-564b64e1c109 PPServer: PPV: 30 H: PH1PEPF00011EDD V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 25 Oct 2024 11:42:00 GMT Connection: close Content-Length: 10197
2024-10-25 11:42:00 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:04 UTC	549	OUT	GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1 Host: maxcdn.bootstrapcdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:04 UTC	933	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:04 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CDN-PullZone: 252412 CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74 CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Cache-Control: public, max-age=31919000 ETag: W/"450fc463b8b1a349df717056fbb3e078" Last-Modified: Mon, 25 Jan 2021 22:04:04 GMT CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 10/31/2023 18:54:29 CDN-EdgeStorageId: 941 timing-allow-origin: * cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff CDN-Status: 200 CDN-RequestId: 5d2c135cc52daf7e5ec6fa8d26de92ba CDN-Cache: HIT CF-Cache-Status: HIT Age: 20269121 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 8d81f0eefe8b4798-DFW alt-svc: h3=":443"; ma=86400
2024-10-25 11:42:04 UTC	436	IN	Data Raw: 37 63 30 64 0d 0a 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 6c 75 65 3a 23 30 30 37 62 66 66 3b 2d 2d 69 6e 64 69 67 6f 3a 23 36 36 31 30 Data Ascii: 7c0d/! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */:root{--blue:#007bff;--indigo:#6610
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 69 6d 61 72 79 3a 23 30 30 37 62 66 66 3b 2d 2d 73 65 63 6f 6e 64 61 72 79 3a 23 36 63 37 35 37 64 3b 2d 2d 73 75 63 63 65 73 73 3a 23 32 38 61 37 34 35 3b 2d 2d 69 6e 66 6f 3a 23 31 37 61 32 62 38 3b 2d 2d 77 61 72 6e 69 6e 67 3a 23 66 66 63 31 30 37 3b 2d 2d 64 61 6e 67 65 72 3a 23 64 63 33 35 34 35 3b 2d 2d 6c 69 67 68 74 3a 23 66 38 66 39 66 61 3b 2d 2d 64 61 72 6b 3a 23 33 34 33 61 34 30 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 78 73 3a 30 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 73 6d 3a 35 37 36 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 6d 64 3a 37 36 38 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 6c 67 3a 39 39 32 70 78 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 78 6c 3a 31 32 30 30 70 78 3b 2d 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 2d 73 Data Ascii: imary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-s
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 20 64 6f 74 74 65 64 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 20 64 6f 74 74 65 64 3b 63 75 72 73 6f 72 3a 68 65 6c 70 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 30 7d 61 64 64 72 65 73 73 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 64 6c 2c 6f 6c 2c 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 6f 6c 20 6f 6c 2c 6f 6c 20 75 6c 2c 75 6c 20 6f 6c 2c 75 6c 20 75 6c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 64 74 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 64 64 7b 6d 61 72 Data Ascii: ation:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0}address{margin-bottom:1rem;font-style:normal;line-height:inherit}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{mar
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 61 75 74 6f 20 2d 77 65 62 6b 69 74 2d 66 6f 63 75 73 2d 72 69 6e 67 2d 63 6f 6c 6f 72 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 5b 74 79 70 65 3d 72 65 73 65 74 5d 2c 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 2c 62 75 74 74 6f 6e 2c 68 74 6d 6c 20 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 7b 2d 77 65 Data Ascii: auto -webkit-focus-ring-color}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-we
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 2e 68 31 2c 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 7d 2e 68 32 2c 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 7d 2e 68 33 2c 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 35 72 65 6d 7d 2e 68 34 2c 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 7d 2e 68 35 2c 68 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 7d 2e 68 36 2c 68 36 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 7d 2e 6c 65 61 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 Data Ascii: in-bottom:.5rem;font-family:inherit;font-weight:500;line-height:1.2;color:inherit}.h1,h1{font-size:2.5rem}.h2,h2{font-size:2rem}.h3,h3{font-size:1.75rem}.h4,h4{font-size:1.5rem}.h5,h5{font-size:1.25rem}.h6,h6{font-size:1rem}.lead{font-size:1.25rem;font-we
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 53 46 4d 6f 6e 6f 2d 52 65 67 75 6c 61 72 2c 4d 65 6e 6c 6f 2c 4d 6f 6e 61 63 6f 2c 43 6f 6e 73 6f 6c 61 73 2c 22 4c 69 62 65 72 61 74 69 6f 6e 20 4d 6f 6e 6f 22 2c 22 43 6f 75 72 69 65 72 20 4e 65 77 22 2c 6d 6f 6e 6f 73 70 61 63 65 7d 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 38 37 2e 35 25 3b 63 6f 6c 6f 72 3a 23 65 38 33 65 38 63 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 61 3e 63 6f 64 65 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 6b 62 64 7b 70 61 64 64 69 6e 67 3a 2e 32 72 65 6d 20 2e 34 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 37 2e 35 25 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 31 32 35 32 39 3b 62 6f 72 64 65 72 2d 72 61 Data Ascii: {font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}code{font-size:87.5%;color:#e83e8c;word-break:break-word}a>code{color:inherit}kbd{padding:.2rem .4rem;font-size:87.5%;color:#fff;background-color:#212529;border-ra
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 6f 2c 2e 63 6f 6c 2d 6d 64 2c 2e 63 6f 6c 2d 6d 64 2d 31 2c 2e 63 6f 6c 2d 6d 64 2d 31 30 2c 2e 63 6f 6c 2d 6d 64 2d 31 31 2c 2e 63 6f 6c 2d 6d 64 2d 31 32 2c 2e 63 6f 6c 2d 6d 64 2d 32 2c 2e 63 6f 6c 2d 6d 64 2d 33 2c 2e 63 6f 6c 2d 6d 64 2d 34 2c 2e 63 6f 6c 2d 6d 64 2d 35 2c 2e 63 6f 6c 2d 6d 64 2d 36 2c 2e 63 6f 6c 2d 6d 64 2d 37 2c 2e 63 6f 6c 2d 6d 64 2d 38 2c 2e 63 6f 6c 2d 6d 64 2d 39 2c 2e 63 6f 6c 2d 6d 64 2d 61 75 74 6f 2c 2e 63 6f 6c 2d 73 6d 2c 2e 63 6f 6c 2d 73 6d 2d 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 30 2c 2e 63 6f 6c 2d 73 6d 2d 31 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 32 2c 2e 63 6f 6c 2d 73 6d 2d 32 2c 2e 63 6f 6c 2d 73 6d 2d 33 2c 2e 63 6f 6c 2d 73 6d 2d 34 2c 2e 63 6f 6c 2d 73 6d 2d 35 2c 2e 63 6f 6c 2d 73 6d 2d 36 2c 2e 63 6f 6c 2d 73 6d 2d Data Ascii: o,.col-md,.col-md-1,.col-md-10,.col-md-11,.col-md-12,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-auto,.col-sm,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 36 36 37 25 3b 6d 61 78 2d 77 69 64 74 68 3a 36 36 2e 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 39 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 37 35 25 3b 66 6c 65 78 3a 30 20 30 20 37 35 25 3b 6d 61 78 2d 77 69 64 74 68 3a 37 35 25 7d 2e 63 6f 6c 2d 31 30 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 38 33 2e 33 33 33 33 33 33 25 3b 66 6c 65 78 3a 30 20 30 20 38 33 2e 33 33 33 33 33 33 25 3b 6d 61 78 2d 77 69 64 74 68 3a 38 33 2e 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 31 31 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 39 31 2e 36 36 36 36 36 37 25 3b 66 6c 65 78 3a 30 20 30 20 39 31 2e 36 36 36 36 Data Ascii: 667%;max-width:66.666667%}.col-9{-webkit-box-flex:0;-ms-flex:0 0 75%;flex:0 0 75%;max-width:75%}.col-10{-webkit-box-flex:0;-ms-flex:0 0 83.333333%;flex:0 0 83.333333%;max-width:83.333333%}.col-11{-webkit-box-flex:0;-ms-flex:0 0 91.666667%;flex:0 0 91.6666
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 36 36 37 25 7d 2e 6f 66 66 73 65 74 2d 33 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 35 25 7d 2e 6f 66 66 73 65 74 2d 34 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 33 2e 33 33 33 33 33 33 25 7d 2e 6f 66 66 73 65 74 2d 35 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 34 31 2e 36 36 36 36 36 37 25 7d 2e 6f 66 66 73 65 74 2d 36 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 30 25 7d 2e 6f 66 66 73 65 74 2d 37 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 38 2e 33 33 33 33 33 33 25 7d 2e 6f 66 66 73 65 74 2d 38 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 36 36 2e 36 36 36 36 36 37 25 7d 2e 6f 66 66 73 65 74 2d 39 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 37 35 25 7d 2e 6f 66 66 73 65 74 2d 31 30 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 33 2e 33 33 33 33 33 33 25 7d 2e 6f 66 66 73 65 Data Ascii: 667%}.offset-3{margin-left:25%}.offset-4{margin-left:33.333333%}.offset-5{margin-left:41.666667%}.offset-6{margin-left:50%}.offset-7{margin-left:58.333333%}.offset-8{margin-left:66.666667%}.offset-9{margin-left:75%}.offset-10{margin-left:83.333333%}.offse
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 77 69 64 74 68 3a 38 33 2e 33 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 73 6d 2d 31 31 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 39 31 2e 36 36 36 36 36 37 25 3b 66 6c 65 78 3a 30 20 30 20 39 31 2e 36 36 36 36 36 37 25 3b 6d 61 78 2d 77 69 64 74 68 3a 39 31 2e 36 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 73 6d 2d 31 32 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 31 30 30 25 3b 66 6c 65 78 3a 30 20 30 20 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 2e 6f 72 64 65 72 2d 73 6d 2d 66 69 72 73 74 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 30 3b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 2d 31 3b 6f 72 64 65 Data Ascii: width:83.333333%}.col-sm-11{-webkit-box-flex:0;-ms-flex:0 0 91.666667%;flex:0 0 91.666667%;max-width:91.666667%}.col-sm-12{-webkit-box-flex:0;-ms-flex:0 0 100%;flex:0 0 100%;max-width:100%}.order-sm-first{-webkit-box-ordinal-group:0;-ms-flex-order:-1;orde

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:04 UTC	586	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:04 UTC	566	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 793240 Date: Fri, 25 Oct 2024 11:42:04 GMT X-Served-By: cache-lga21947-LGA, cache-dfw-kdal2120119-DFW X-Cache: MISS, HIT X-Cache-Hits: 0, 0 X-Timer: S1729856525.629115,VS0,VE1 Vary: Accept-Encoding
2024-10-25 11:42:04 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2024-10-25 11:42:04 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2024-10-25 11:42:04 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2024-10-25 11:42:04 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2024-10-25 11:42:04 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\\("+K+"((?:-\\d)?\\d)"+K+"\\)\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2024-10-25 11:42:04 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2024-10-25 11:42:04 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2024-10-25 11:42:04 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2024-10-25 11:42:04 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2024-10-25 11:42:04 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:04 UTC	602	OUT	GET /jquery-3.2.1.slim.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:04 UTC	610	IN	HTTP/1.1 200 OK Connection: close Content-Length: 69597 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-10fdd" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Fri, 25 Oct 2024 11:42:04 GMT Age: 3112855 X-Served-By: cache-lga21963-LGA, cache-dfw-kdal2120110-DFW X-Cache: HIT, HIT X-Cache-Hits: 6, 3 X-Timer: S1729856525.641133,VS0,VE0 Vary: Accept-Encoding
2024-10-25 11:42:04 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 32 2e 31 20 2d 61 6a 61 78 2c 2d 61 6a 61 78 2f 6a 73 6f 6e 70 2c 2d 61 6a 61 78 2f 6c 6f 61 64 2c 2d 61 6a 61 78 2f 70 61 72 73 65 58 4d 4c 2c 2d 61 6a 61 78 2f 73 63 72 69 70 74 2c 2d 61 6a 61 78 2f 76 61 72 2f 6c 6f 63 61 74 69 6f 6e 2c 2d 61 6a 61 78 2f 76 61 72 2f 6e 6f 6e 63 65 2c 2d 61 6a 61 78 2f 76 61 72 2f 72 71 75 65 72 79 2c 2d 61 6a 61 78 2f 78 68 72 2c 2d 6d 61 6e 69 70 75 6c 61 74 69 6f 6e 2f 5f 65 76 61 6c 55 72 6c 2c 2d 65 76 65 6e 74 2f 61 6a 61 78 2c 2d 65 66 66 65 63 74 73 2c 2d 65 66 66 65 63 74 73 2f 54 77 65 65 6e 2c 2d 65 66 66 65 63 74 73 2f 61 6e 69 6d 61 74 65 64 53 65 6c 65 63 74 6f 72 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e Data Ascii: /*! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other con
2024-10-25 11:42:04 UTC	16384	IN	Data Raw: 7c 5b 5d 2c 6e 3d 6a 5b 30 5d 3d 3d 3d 77 26 26 6a 5b 31 5d 2c 74 3d 6e 26 26 6a 5b 32 5d 2c 6d 3d 6e 26 26 71 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 6e 5d 3b 77 68 69 6c 65 28 6d 3d 2b 2b 6e 26 26 6d 26 26 6d 5b 70 5d 7c 7c 28 74 3d 6e 3d 30 29 7c 7c 6f 2e 70 6f 70 28 29 29 69 66 28 31 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 26 26 2b 2b 74 26 26 6d 3d 3d 3d 62 29 7b 6b 5b 61 5d 3d 5b 77 2c 6e 2c 74 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 73 26 26 28 6d 3d 62 2c 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6a 3d 6b 5b 61 5d 7c 7c 5b 5d 2c 6e 3d 6a 5b 30 5d 3d 3d 3d 77 26 26 6a 5b 31 5d 2c 74 3d 6e 29 2c 74 3d 3d 3d 21 31 29 77 68 69 Data Ascii: \|[],n=j[0]===w&&j[1],t=n&&j[2],m=n&&q.childNodes[n];while(m=++n&&m&&m[p]\|\|(t=n=0)\|\|o.pop())if(1===m.nodeType&&++t&&m===b){k[a]=[w,n,t];break}}else if(s&&(m=b,l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),j=k[a]\|\|[],n=j[0]===w&&j[1],t=n),t===!1)whi
2024-10-25 11:42:05 UTC	16384	IN	Data Raw: 65 2c 66 2c 67 29 7b 76 61 72 20 68 3d 30 2c 69 3d 61 2e 6c 65 6e 67 74 68 2c 6a 3d 6e 75 6c 6c 3d 3d 63 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 72 2e 74 79 70 65 28 63 29 29 7b 65 3d 21 30 3b 66 6f 72 28 68 20 69 6e 20 63 29 54 28 61 2c 62 2c 68 2c 63 5b 68 5d 2c 21 30 2c 66 2c 67 29 7d 65 6c 73 65 20 69 66 28 76 6f 69 64 20 30 21 3d 3d 64 26 26 28 65 3d 21 30 2c 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 64 29 7c 7c 28 67 3d 21 30 29 2c 6a 26 26 28 67 3f 28 62 2e 63 61 6c 6c 28 61 2c 64 29 2c 62 3d 6e 75 6c 6c 29 3a 28 6a 3d 62 2c 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 6a 2e 63 61 6c 6c 28 72 28 61 29 2c 63 29 7d 29 29 2c 62 29 29 66 6f 72 28 3b 68 3c 69 3b 68 2b 2b 29 62 28 61 5b 68 5d 2c 63 2c 67 3f 64 3a 64 2e 63 Data Ascii: e,f,g){var h=0,i=a.length,j=null==c;if("object"===r.type(c)){e=!0;for(h in c)T(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,r.isFunction(d)\|\|(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(r(a),c)})),b))for(;h<i;h++)b(a[h],c,g?d:d.c
2024-10-25 11:42:05 UTC	16384	IN	Data Raw: 6f 5d 29 7b 69 66 28 62 2e 65 76 65 6e 74 73 29 66 6f 72 28 64 20 69 6e 20 62 2e 65 76 65 6e 74 73 29 65 5b 64 5d 3f 72 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 63 2c 64 29 3a 72 2e 72 65 6d 6f 76 65 45 76 65 6e 74 28 63 2c 64 2c 62 2e 68 61 6e 64 6c 65 29 3b 63 5b 57 2e 65 78 70 61 6e 64 6f 5d 3d 76 6f 69 64 20 30 7d 63 5b 58 2e 65 78 70 61 6e 64 6f 5d 26 26 28 63 5b 58 2e 65 78 70 61 6e 64 6f 5d 3d 76 6f 69 64 20 30 29 7d 7d 7d 29 2c 72 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 64 65 74 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 4b 61 28 74 68 69 73 2c 61 2c 21 30 29 7d 2c 72 65 6d 6f 76 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 4b 61 28 74 68 69 73 2c 61 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 Data Ascii: o]){if(b.events)for(d in b.events)e[d]?r.event.remove(c,d):r.removeEvent(c,d,b.handle);c[W.expando]=void 0}c[X.expando]&&(c[X.expando]=void 0)}}}),r.fn.extend({detach:function(a){return Ka(this,a,!0)},remove:function(a){return Ka(this,a)},text:function(a)
2024-10-25 11:42:05 UTC	4061	IN	Data Raw: 46 75 6e 63 74 69 6f 6e 28 61 29 3f 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 28 74 68 69 73 29 2e 77 72 61 70 49 6e 6e 65 72 28 61 2e 63 61 6c 6c 28 74 68 69 73 2c 62 29 29 7d 29 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 62 3d 72 28 74 68 69 73 29 2c 63 3d 62 2e 63 6f 6e 74 65 6e 74 73 28 29 3b 63 2e 6c 65 6e 67 74 68 3f 63 2e 77 72 61 70 41 6c 6c 28 61 29 3a 62 2e 61 70 70 65 6e 64 28 61 29 7d 29 7d 2c 77 72 61 70 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 61 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 28 74 68 69 73 29 2e 77 72 61 70 41 6c 6c 28 62 3f 61 2e 63 61 6c 6c 28 74 68 69 73 2c Data Ascii: Function(a)?this.each(function(b){r(this).wrapInner(a.call(this,b))}):this.each(function(){var b=r(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=r.isFunction(a);return this.each(function(c){r(this).wrapAll(b?a.call(this,

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:04 UTC	621	OUT	GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1 Host: maxcdn.bootstrapcdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:04 UTC	969	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:04 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Encoding CDN-PullZone: 252412 CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74 CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Cache-Control: public, max-age=31919000 ETag: W/"14d449eb8876fa55e1ef3c2cc52b0c17" Last-Modified: Mon, 25 Jan 2021 22:04:04 GMT CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 04/02/2024 02:05:57 CDN-EdgeStorageId: 1067 timing-allow-origin: * cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff CDN-Status: 200 CDN-RequestId: 06e0754157d6f9aec1b2420345839466 CDN-Cache: HIT CF-Cache-Status: HIT Age: 146103 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Server: cloudflare CF-RAY: 8d81f0ef081b6bd7-DFW alt-svc: h3=":443"; ma=86400
2024-10-25 11:42:04 UTC	400	IN	Data Raw: 37 62 65 61 0d 0a 2f 2a 21 0a 20 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0a 20 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 67 72 61 70 68 73 2f 63 6f 6e 74 72 69 62 75 74 6f 72 73 29 0a 20 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 74 Data Ascii: 7bea/! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */!function(t
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 64 65 66 69 6e 65 28 5b 22 65 78 70 6f 72 74 73 22 2c 22 6a 71 75 65 72 79 22 2c 22 70 6f 70 70 65 72 2e 6a 73 22 5d 2c 65 29 3a 65 28 74 2e 62 6f 6f 74 73 74 72 61 70 3d 7b 7d 2c 74 2e 6a 51 75 65 72 79 2c 74 2e 50 6f 70 70 65 72 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 69 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 3b 6e 3c 65 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 76 61 72 20 69 3d 65 5b 6e 5d 3b 69 2e 65 6e 75 6d 65 72 61 62 6c 65 3d 69 2e 65 6e 75 6d 65 72 61 62 6c 65 7c 7c 21 31 2c 69 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 3d 21 30 2c 22 76 61 6c 75 65 22 69 6e 20 69 26 26 28 69 2e 77 72 69 74 61 62 6c 65 3d 21 30 29 2c 4f 62 6a 65 63 74 2e 64 65 Data Ascii: define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.de
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 74 28 6e 29 2e 74 72 69 67 67 65 72 28 65 2e 65 6e 64 29 7d 2c 73 75 70 70 6f 72 74 73 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 42 6f 6f 6c 65 61 6e 28 65 29 7d 2c 69 73 45 6c 65 6d 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 28 74 5b 30 5d 7c 7c 74 29 2e 6e 6f 64 65 54 79 70 65 7d 2c 74 79 70 65 43 68 65 63 6b 43 6f 6e 66 69 67 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 66 6f 72 28 76 61 72 20 73 20 69 6e 20 6e 29 69 66 28 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 6e 2c 73 29 29 7b 76 61 72 20 72 3d 6e 5b 73 5d 2c 6f 3d 65 5b 73 5d 2c 61 3d 6f 26 26 69 2e 69 Data Ascii: nd:function(n){t(n).trigger(e.end)},supportsTransitionEnd:function(){return Boolean(e)},isElement:function(t){return(t[0]\|\|t).nodeType},typeCheckConfig:function(t,e,n){for(var s in n)if(Object.prototype.hasOwnProperty.call(n,s)){var r=n[s],o=e[s],a=o&&i.i
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 76 61 72 20 65 3d 6f 2e 45 76 65 6e 74 28 75 2e 43 4c 4f 53 45 29 3b 72 65 74 75 72 6e 20 6f 28 74 29 2e 74 72 69 67 67 65 72 28 65 29 2c 65 7d 2c 65 2e 5f 72 65 6d 6f 76 65 45 6c 65 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 6f 28 74 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 5f 29 2c 50 2e 73 75 70 70 6f 72 74 73 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 28 29 26 26 6f 28 74 29 2e 68 61 73 43 6c 61 73 73 28 64 29 3f 6f 28 74 29 2e 6f 6e 65 28 50 2e 54 52 41 4e 53 49 54 49 4f 4e 5f 45 4e 44 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 65 2e 5f 64 65 73 74 72 6f 79 45 6c 65 6d 65 6e 74 28 74 2c 6e 29 7d 29 2e 65 6d 75 6c 61 74 65 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 28 31 35 30 29 3a 74 68 69 73 2e 5f Data Ascii: var e=o.Event(u.CLOSE);return o(t).trigger(e),e},e._removeElement=function(t){var e=this;o(t).removeClass(_),P.supportsTransitionEnd()&&o(t).hasClass(d)?o(t).one(P.TRANSITION_END,function(n){return e._destroyElement(t,n)}).emulateTransitionEnd(150):this._
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 3b 73 26 26 70 28 73 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 43 29 7d 69 66 28 74 29 7b 69 66 28 69 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 69 73 61 62 6c 65 64 22 29 7c 7c 6e 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 69 73 61 62 6c 65 64 22 29 7c 7c 69 2e 63 6c 61 73 73 4c 69 73 74 2e 63 6f 6e 74 61 69 6e 73 28 22 64 69 73 61 62 6c 65 64 22 29 7c 7c 6e 2e 63 6c 61 73 73 4c 69 73 74 2e 63 6f 6e 74 61 69 6e 73 28 22 64 69 73 61 62 6c 65 64 22 29 29 72 65 74 75 72 6e 3b 69 2e 63 68 65 63 6b 65 64 3d 21 70 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 68 61 73 43 6c 61 73 73 28 43 29 2c 70 28 69 29 2e 74 72 69 67 67 65 72 28 22 63 68 61 6e 67 65 22 29 7d 69 2e 66 6f 63 75 73 28 29 2c 65 3d 21 31 7d 7d 65 26 26 74 68 69 73 2e 5f 65 6c 65 6d Data Ascii: ;s&&p(s).removeClass(C)}if(t){if(i.hasAttribute("disabled")\|\|n.hasAttribute("disabled")\|\|i.classList.contains("disabled")\|\|n.classList.contains("disabled"))return;i.checked=!p(this._element).hasClass(C),p(i).trigger("change")}i.focus(),e=!1}}e&&this._elem
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 52 3a 22 6d 6f 75 73 65 65 6e 74 65 72 22 2b 69 2c 4d 4f 55 53 45 4c 45 41 56 45 3a 22 6d 6f 75 73 65 6c 65 61 76 65 22 2b 69 2c 54 4f 55 43 48 45 4e 44 3a 22 74 6f 75 63 68 65 6e 64 22 2b 69 2c 4c 4f 41 44 5f 44 41 54 41 5f 41 50 49 3a 22 6c 6f 61 64 22 2b 69 2b 22 2e 64 61 74 61 2d 61 70 69 22 2c 43 4c 49 43 4b 5f 44 41 54 41 5f 41 50 49 3a 22 63 6c 69 63 6b 22 2b 69 2b 22 2e 64 61 74 61 2d 61 70 69 22 7d 2c 5f 3d 22 63 61 72 6f 75 73 65 6c 22 2c 67 3d 22 61 63 74 69 76 65 22 2c 70 3d 22 73 6c 69 64 65 22 2c 6d 3d 22 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 72 69 67 68 74 22 2c 76 3d 22 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 6c 65 66 74 22 2c 45 3d 22 63 61 72 6f 75 73 65 6c 2d 69 74 65 6d 2d 6e 65 78 74 22 2c 54 3d 22 63 61 72 6f 75 73 65 6c 2d 69 Data Ascii: R:"mouseenter"+i,MOUSELEAVE:"mouseleave"+i,TOUCHEND:"touchend"+i,LOAD_DATA_API:"load"+i+".data-api",CLICK_DATA_API:"click"+i+".data-api"},_="carousel",g="active",p="slide",m="carousel-item-right",v="carousel-item-left",E="carousel-item-next",T="carousel-i
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 72 76 61 6c 29 2c 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 3d 6e 75 6c 6c 29 2c 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 69 6e 74 65 72 76 61 6c 26 26 21 74 68 69 73 2e 5f 69 73 50 61 75 73 65 64 26 26 28 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 3d 73 65 74 49 6e 74 65 72 76 61 6c 28 28 64 6f 63 75 6d 65 6e 74 2e 76 69 73 69 62 69 6c 69 74 79 53 74 61 74 65 3f 74 68 69 73 2e 6e 65 78 74 57 68 65 6e 56 69 73 69 62 6c 65 3a 74 68 69 73 2e 6e 65 78 74 29 2e 62 69 6e 64 28 74 68 69 73 29 2c 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 69 6e 74 65 72 76 61 6c 29 29 7d 2c 43 2e 74 6f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 74 68 69 73 3b 74 68 69 73 2e 5f 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 3d 74 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 66 Data Ascii: rval),this._interval=null),this._config.interval&&!this._isPaused&&(this._interval=setInterval((document.visibilityState?this.nextWhenVisible:this.next).bind(this),this._config.interval))},C.to=function(e){var n=this;this._activeElement=t(this._element).f
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 7b 69 66 28 21 2f 69 6e 70 75 74 7c 74 65 78 74 61 72 65 61 2f 69 2e 74 65 73 74 28 74 2e 74 61 72 67 65 74 2e 74 61 67 4e 61 6d 65 29 29 73 77 69 74 63 68 28 74 2e 77 68 69 63 68 29 7b 63 61 73 65 20 33 37 3a 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 74 68 69 73 2e 70 72 65 76 28 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 33 39 3a 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 74 68 69 73 2e 6e 65 78 74 28 29 7d 7d 2c 43 2e 5f 67 65 74 49 74 65 6d 49 6e 64 65 78 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 69 74 65 6d 73 3d 74 2e 6d 61 6b 65 41 72 72 61 79 28 74 28 65 29 2e 70 61 72 65 6e 74 28 29 2e 66 69 6e 64 28 79 2e 49 54 45 4d 29 29 2c 74 68 69 73 2e 5f 69 74 65 6d 73 2e 69 6e 64 65 78 4f 66 28 Data Ascii: {if(!/input\|textarea/i.test(t.target.tagName))switch(t.which){case 37:t.preventDefault(),this.prev();break;case 39:t.preventDefault(),this.next()}},C._getItemIndex=function(e){return this._items=t.makeArray(t(e).parent().find(y.ITEM)),this._items.indexOf(
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 76 65 6e 74 28 64 2e 53 4c 49 44 2c 7b 72 65 6c 61 74 65 64 54 61 72 67 65 74 3a 63 2c 64 69 72 65 63 74 69 6f 6e 3a 72 2c 66 72 6f 6d 3a 6c 2c 74 6f 3a 5f 7d 29 3b 50 2e 73 75 70 70 6f 72 74 73 54 72 61 6e 73 69 74 69 6f 6e 45 6e 64 28 29 26 26 74 28 74 68 69 73 2e 5f 65 6c 65 6d 65 6e 74 29 2e 68 61 73 43 6c 61 73 73 28 70 29 3f 28 74 28 63 29 2e 61 64 64 43 6c 61 73 73 28 73 29 2c 50 2e 72 65 66 6c 6f 77 28 63 29 2c 74 28 61 29 2e 61 64 64 43 6c 61 73 73 28 69 29 2c 74 28 63 29 2e 61 64 64 43 6c 61 73 73 28 69 29 2c 74 28 61 29 2e 6f 6e 65 28 50 2e 54 52 41 4e 53 49 54 49 4f 4e 5f 45 4e 44 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 28 63 29 2e 72 65 6d 6f 76 65 43 6c 61 73 73 28 69 2b 22 20 22 2b 73 29 2e 61 64 64 43 6c 61 73 73 28 67 29 2c 74 28 61 29 2e Data Ascii: vent(d.SLID,{relatedTarget:c,direction:r,from:l,to:_});P.supportsTransitionEnd()&&t(this._element).hasClass(p)?(t(c).addClass(s),P.reflow(c),t(a).addClass(i),t(c).addClass(i),t(a).one(P.TRANSITION_END,function(){t(c).removeClass(i+" "+s).addClass(g),t(a).
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 41 44 5f 44 41 54 41 5f 41 50 49 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 28 79 2e 44 41 54 41 5f 52 49 44 45 29 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 28 74 68 69 73 29 3b 43 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2e 63 61 6c 6c 28 65 2c 65 2e 64 61 74 61 28 29 29 7d 29 7d 29 2c 74 2e 66 6e 5b 65 5d 3d 43 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2c 74 2e 66 6e 5b 65 5d 2e 43 6f 6e 73 74 72 75 63 74 6f 72 3d 43 2c 74 2e 66 6e 5b 65 5d 2e 6e 6f 43 6f 6e 66 6c 69 63 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 2e 66 6e 5b 65 5d 3d 6f 2c 43 2e 5f 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 7d 2c 43 7d 28 65 29 2c 48 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 22 63 6f 6c 6c Data Ascii: AD_DATA_API,function(){t(y.DATA_RIDE).each(function(){var e=t(this);C._jQueryInterface.call(e,e.data())})}),t.fn[e]=C._jQueryInterface,t.fn[e].Constructor=C,t.fn[e].noConflict=function(){return t.fn[e]=o,C._jQueryInterface},C}(e),H=function(t){var e="coll

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:04 UTC	627	OUT	GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: null sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:04 UTC	954	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:04 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03fa9-4af4" Last-Modified: Mon, 04 May 2020 16:15:37 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 3636 Expires: Wed, 15 Oct 2025 11:42:04 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xozjhtTRjNlDTux8q%2F3%2BhNpE5cBXOPeOK7BbubEQ1VoPEcmgXUI9xnw95veMpAanWFOah0LRzP6AIS6Zwi5IBC91qdFECWgZ9jiZtSunqWfwzOp7Yw4eIKixwcnngob7qHDBxPcs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8d81f0ef3a934743-DFW alt-svc: h3=":443"; ma=86400
2024-10-25 11:42:04 UTC	415	IN	Data Raw: 34 61 66 34 0d 0a 2f 2a 0a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 46 65 64 65 72 69 63 6f 20 5a 69 76 6f 6c 6f 20 32 30 31 37 0a 20 44 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 28 6c 69 63 65 6e 73 65 20 74 65 72 6d 73 20 61 72 65 20 61 74 20 68 74 74 70 3a 2f 2f 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 4d 49 54 29 2e 0a 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 27 6f 62 6a 65 63 74 27 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 27 75 6e 64 65 66 69 6e 65 64 27 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 74 28 29 3a 27 66 75 6e 63 74 69 6f 6e 27 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 Data Ascii: 4af4/* Copyright (C) Federico Zivolo 2017 Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT). */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 65 54 79 70 65 29 72 65 74 75 72 6e 5b 5d 3b 76 61 72 20 6f 3d 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 65 2c 6e 75 6c 6c 29 3b 72 65 74 75 72 6e 20 74 3f 6f 5b 74 5d 3a 6f 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 65 29 7b 72 65 74 75 72 6e 27 48 54 4d 4c 27 3d 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 3f 65 3a 65 2e 70 61 72 65 6e 74 4e 6f 64 65 7c 7c 65 2e 68 6f 73 74 7d 66 75 6e 63 74 69 6f 6e 20 6e 28 65 29 7b 69 66 28 21 65 29 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 3b 73 77 69 74 63 68 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7b 63 61 73 65 27 48 54 4d 4c 27 3a 63 61 73 65 27 42 4f 44 59 27 3a 72 65 74 75 72 6e 20 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 3b 63 61 73 65 27 23 64 6f 63 75 6d 65 6e 74 27 3a 72 65 74 75 Data Ascii: eType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':retu
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 3d 32 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 26 26 76 6f 69 64 20 30 21 3d 3d 61 72 67 75 6d 65 6e 74 73 5b 32 5d 26 26 61 72 67 75 6d 65 6e 74 73 5b 32 5d 2c 69 3d 61 28 74 2c 27 74 6f 70 27 29 2c 6e 3d 61 28 74 2c 27 6c 65 66 74 27 29 2c 72 3d 6f 3f 2d 31 3a 31 3b 72 65 74 75 72 6e 20 65 2e 74 6f 70 2b 3d 69 2a 72 2c 65 2e 62 6f 74 74 6f 6d 2b 3d 69 2a 72 2c 65 2e 6c 65 66 74 2b 3d 6e 2a 72 2c 65 2e 72 69 67 68 74 2b 3d 6e 2a 72 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 29 7b 76 61 72 20 6f 3d 27 78 27 3d 3d 3d 74 3f 27 4c 65 66 74 27 3a 27 54 6f 70 27 2c 69 3d 27 4c 65 66 74 27 3d 3d 6f 3f 27 52 69 67 68 74 27 3a 27 42 6f 74 74 6f 6d 27 3b 72 65 74 75 72 6e 20 70 61 72 73 65 46 6c 6f 61 74 28 65 5b 27 62 6f 72 64 65 72 27 2b 6f 2b Data Ascii: =2<arguments.length&&void 0!==arguments[2]&&arguments[2],i=a(t,'top'),n=a(t,'left'),r=o?-1:1;return e.top+=ir,e.bottom+=ir,e.left+=nr,e.right+=nr,e}function f(e,t){var o='x'===t?'Left':'Top',i='Left'==o?'Right':'Bottom';return parseFloat(e['border'+o+
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 70 2d 73 2e 74 6f 70 2d 66 2c 6c 65 66 74 3a 70 2e 6c 65 66 74 2d 73 2e 6c 65 66 74 2d 6d 2c 77 69 64 74 68 3a 70 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 29 3b 69 66 28 68 2e 6d 61 72 67 69 6e 54 6f 70 3d 30 2c 68 2e 6d 61 72 67 69 6e 4c 65 66 74 3d 30 2c 21 69 26 26 72 29 7b 76 61 72 20 75 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 2e 6d 61 72 67 69 6e 54 6f 70 2c 31 30 29 2c 62 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 2e 6d 61 72 67 69 6e 4c 65 66 74 2c 31 30 29 3b 68 2e 74 6f 70 2d 3d 66 2d 75 2c 68 2e 62 6f 74 74 6f 6d 2d 3d 66 2d 75 2c 68 2e 6c 65 66 74 2d 3d 6d 2d 62 2c 68 2e 72 69 67 68 74 2d 3d 6d 2d 62 2c 68 2e 6d 61 72 67 69 6e 54 6f 70 3d 75 2c 68 2e 6d 61 72 67 69 6e 4c 65 66 74 3d 62 7d 72 65 74 75 72 6e 28 69 3f 6f 2e Data Ascii: p-s.top-f,left:p.left-s.left-m,width:p.width,height:p.height});if(h.marginTop=0,h.marginLeft=0,!i&&r){var u=parseFloat(a.marginTop,10),b=parseFloat(a.marginLeft,10);h.top-=f-u,h.bottom-=f-u,h.left-=m-b,h.right-=m-b,h.marginTop=u,h.marginLeft=b}return(i?o.
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 68 65 69 67 68 74 7d 2c 62 6f 74 74 6f 6d 3a 7b 77 69 64 74 68 3a 70 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 70 2e 62 6f 74 74 6f 6d 2d 74 2e 62 6f 74 74 6f 6d 7d 2c 6c 65 66 74 3a 7b 77 69 64 74 68 3a 74 2e 6c 65 66 74 2d 70 2e 6c 65 66 74 2c 68 65 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 7d 2c 64 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 73 29 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 73 65 28 7b 6b 65 79 3a 65 7d 2c 73 5b 65 5d 2c 7b 61 72 65 61 3a 45 28 73 5b 65 5d 29 7d 29 7d 29 2e 73 6f 72 74 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 2e 61 72 65 61 2d 65 2e 61 72 65 61 7d 29 2c 61 3d 64 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 2e 77 69 64 74 68 2c 69 3d Data Ascii: height},bottom:{width:p.width,height:p.bottom-t.bottom},left:{width:t.left-p.left,height:p.height}},d=Object.keys(s).map(function(e){return se({key:e},s[e],{area:E(s[e])})}).sort(function(e,t){return t.area-e.area}),a=d.filter(function(e){var t=e.width,i=
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 28 27 60 6d 6f 64 69 66 69 65 72 2e 66 75 6e 63 74 69 6f 6e 60 20 69 73 20 64 65 70 72 65 63 61 74 65 64 2c 20 75 73 65 20 60 6d 6f 64 69 66 69 65 72 2e 66 6e 60 21 27 29 3b 76 61 72 20 69 3d 74 5b 27 66 75 6e 63 74 69 6f 6e 27 5d 7c 7c 74 2e 66 6e 3b 74 2e 65 6e 61 62 6c 65 64 26 26 65 28 69 29 26 26 28 6f 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 3d 63 28 6f 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 29 2c 6f 2e 6f 66 66 73 65 74 73 2e 72 65 66 65 72 65 6e 63 65 3d 63 28 6f 2e 6f 66 66 73 65 74 73 2e 72 65 66 65 72 65 6e 63 65 29 2c 6f 3d 69 28 6f 2c 74 29 29 7d 29 2c 6f 7d 66 75 6e 63 74 69 6f 6e 20 4e 28 29 7b 69 66 28 21 74 68 69 73 2e 73 74 61 74 65 2e 69 73 44 65 73 74 72 6f 79 65 64 29 7b 76 61 72 20 65 3d 7b 69 6e 73 74 61 6e 63 65 3a 74 68 Data Ascii: ('`modifier.function` is deprecated, use `modifier.fn`!');var i=t['function']\|\|t.fn;t.enabled&&e(i)&&(o.offsets.popper=c(o.offsets.popper),o.offsets.reference=c(o.offsets.reference),o=i(o,t))}),o}function N(){if(!this.state.isDestroyed){var e={instance:th
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 69 6f 6e 73 2e 72 65 6d 6f 76 65 4f 6e 44 65 73 74 72 6f 79 26 26 74 68 69 73 2e 70 6f 70 70 65 72 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 74 68 69 73 2e 70 6f 70 70 65 72 29 2c 74 68 69 73 7d 66 75 6e 63 74 69 6f 6e 20 42 28 65 29 7b 76 61 72 20 74 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3b 72 65 74 75 72 6e 20 74 3f 74 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 77 69 6e 64 6f 77 7d 66 75 6e 63 74 69 6f 6e 20 48 28 65 2c 74 2c 6f 2c 69 29 7b 76 61 72 20 72 3d 27 42 4f 44 59 27 3d 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 2c 70 3d 72 3f 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 65 3b 70 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 74 2c 6f 2c 7b 70 61 73 73 69 76 65 3a 21 30 Data Ascii: ions.removeOnDestroy&&this.popper.parentNode.removeChild(this.popper),this}function B(e){var t=e.ownerDocument;return t?t.defaultView:window}function H(e,t,o,i){var r='BODY'===e.nodeName,p=r?e.ownerDocument.defaultView:e;p.addEventListener(t,o,{passive:!0
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 3d 3d 74 7d 29 2c 6e 3d 21 21 69 26 26 65 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 6e 61 6d 65 3d 3d 3d 6f 26 26 65 2e 65 6e 61 62 6c 65 64 26 26 65 2e 6f 72 64 65 72 3c 69 2e 6f 72 64 65 72 7d 29 3b 69 66 28 21 6e 29 7b 76 61 72 20 72 3d 27 60 27 2b 74 2b 27 60 27 3b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 27 60 27 2b 6f 2b 27 60 27 2b 27 20 6d 6f 64 69 66 69 65 72 20 69 73 20 72 65 71 75 69 72 65 64 20 62 79 20 27 2b 72 2b 27 20 6d 6f 64 69 66 69 65 72 20 69 6e 20 6f 72 64 65 72 20 74 6f 20 77 6f 72 6b 2c 20 62 65 20 73 75 72 65 20 74 6f 20 69 6e 63 6c 75 64 65 20 69 74 20 62 65 66 6f 72 65 20 27 2b 72 2b 27 21 27 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 65 29 7b 72 65 74 75 72 6e 27 65 6e Data Ascii: ==t}),n=!!i&&e.some(function(e){return e.name===o&&e.enabled&&e.order<i.order});if(!n){var r='`'+t+'`';console.warn('`'+o+'`'+' modifier is required by '+r+' modifier in order to work, be sure to include it before '+r+'!')}return n}function K(e){return'en
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 3d 3d 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 26 26 2d 31 21 3d 3d 5b 27 2b 27 2c 27 2d 27 5d 2e 69 6e 64 65 78 4f 66 28 74 29 3f 28 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 3d 74 2c 70 3d 21 30 2c 65 29 3a 70 3f 28 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 2b 3d 74 2c 70 3d 21 31 2c 65 29 3a 65 2e 63 6f 6e 63 61 74 28 74 29 7d 2c 5b 5d 29 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 56 28 65 2c 6e 2c 74 2c 6f 29 7d 29 7d 29 2c 61 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 69 29 7b 55 28 6f 29 26 26 28 6e 5b 74 5d 2b 3d 6f 2a 28 27 2d 27 3d 3d 3d 65 5b 69 2d 31 5d 3f 2d 31 3a 31 29 29 7d 29 7d 29 2c 6e 7d 66 75 6e 63 74 69 6f 6e 20 47 28 65 2c 74 Data Ascii: ==e[e.length-1]&&-1!==['+','-'].indexOf(t)?(e[e.length-1]=t,p=!0,e):p?(e[e.length-1]+=t,p=!1,e):e.concat(t)},[]).map(function(e){return V(e,n,t,o)})}),a.forEach(function(e,t){e.forEach(function(o,i){U(o)&&(n[t]+=o*('-'===e[i-1]?-1:1))})}),n}function G(e,t
2024-10-25 11:42:04 UTC	1369	IN	Data Raw: 26 65 28 74 2e 70 72 6f 74 6f 74 79 70 65 2c 6f 29 2c 69 26 26 65 28 74 2c 69 29 2c 74 7d 7d 28 29 2c 70 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 72 65 74 75 72 6e 20 74 20 69 6e 20 65 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 76 61 6c 75 65 3a 6f 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 7d 29 3a 65 5b 74 5d 3d 6f 2c 65 7d 2c 73 65 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6f 3d 31 3b 6f 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 66 6f 72 28 76 61 72 20 69 20 69 6e 20 74 3d 61 72 67 75 6d 65 6e 74 73 5b 6f 5d 2c 74 29 4f 62 Data Ascii: &e(t.prototype,o),i&&e(t,i),t}}(),pe=function(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e},se=Object.assign\|\|function(e){for(var t,o=1;o<arguments.length;o++)for(var i in t=arguments[o],t)Ob

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:05 UTC	358	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:06 UTC	566	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Fri, 25 Oct 2024 11:42:05 GMT Age: 793242 X-Served-By: cache-lga21947-LGA, cache-dfw-kdal2120051-DFW X-Cache: MISS, HIT X-Cache-Hits: 0, 1 X-Timer: S1729856526.948327,VS0,VE1 Vary: Accept-Encoding
2024-10-25 11:42:06 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2024-10-25 11:42:06 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2024-10-25 11:42:06 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2024-10-25 11:42:06 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2024-10-25 11:42:06 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2024-10-25 11:42:06 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:18 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6L4s9PSHTBpgUVm&MD=GxUZchm+ HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-25 11:42:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 722d7d0e-840e-4fa4-b00b-b9831813845d MS-RequestId: da2b5709-c1a9-4d54-8ef0-992df9e210f6 MS-CV: OVcZ1nekFU+Npxdw.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 25 Oct 2024 11:42:17 GMT Connection: close Content-Length: 30005
2024-10-25 11:42:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-25 11:42:18 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:20 UTC	632	OUT	POST /fdp/next.php HTTP/1.1 Host: encastillas.za.com Connection: keep-alive Content-Length: 64 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:20 UTC	64	OUT	Data Raw: 65 6d 61 69 6c 3d 73 61 6c 65 73 25 34 30 70 68 6f 65 6e 69 78 63 72 61 6e 65 2e 63 6f 6d 26 70 61 73 73 77 6f 72 64 3d 77 68 79 61 72 65 79 6f 75 61 73 6b 69 6e 67 2b 6f 66 72 2b 74 68 69 73 Data Ascii: email=sales%40phoenixcrane.com&password=whyareyouasking+ofr+this
2024-10-25 11:42:20 UTC	159	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:20 GMT Server: Apache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-10-25 11:42:20 UTC	75	IN	Data Raw: 34 30 0d 0a 7b 22 73 69 67 6e 61 6c 22 3a 22 6f 6b 22 2c 22 6d 73 67 22 3a 22 49 6e 56 61 6c 69 64 20 43 72 65 64 65 6e 74 69 61 6c 73 22 2c 22 72 65 64 69 72 65 63 74 5f 6c 69 6e 6b 22 3a 6e 75 6c 6c 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 40{"signal":"ok","msg":"InValid Credentials","redirect_link":null}0

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:29 UTC	620	OUT	GET /shared/5/js/reset-password-signinname_en-gb_YGuA5M2JeZTG051RaehFAQ2.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://account.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:30 UTC	793	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:30 GMT Content-Type: application/x-javascript Content-Length: 171978 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 15 Oct 2024 15:11:34 GMT ETag: 0x8DCED2BA8908C81 x-ms-request-id: 14e54fad-c01e-0039-1ad2-26384a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241025T114229Z-16849878b785dznd7xpawq9gcn00000001u000000000amb0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-25 11:42:30 UTC	15591	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 6b 77 db b8 b2 20 fa fd fe 0a 5b 37 4b 8b 3c 86 15 c9 ce 93 0a 5b 93 c4 76 27 dd 79 75 1e dd e9 f6 f6 78 d1 12 64 33 91 48 85 a4 ec 38 b6 fe fb ad 07 9e 24 e5 24 fb cc 99 39 77 b2 56 2c 10 04 81 42 a1 00 54 15 aa 0a b7 ff 63 73 e3 20 2f 36 66 e9 58 66 a5 dc 48 b3 69 5e cc 93 2a cd b3 8d c5 4c 26 90 55 4a b9 51 c8 52 56 db 8b a4 2c 2f f2 62 b2 5d a6 a7 59 9a 65 c9 5c 1e cb 6c fb f4 a4 f7 a9 ec bd 78 fe 74 ff d5 bb fd 5e f5 b5 da f8 8f db ff cf e6 74 99 8d b1 9a 20 bc 3a 4f 8a 0d 29 2a 91 89 42 e4 22 8d af ee 0e 76 ef 46 a6 00 bd 0a af 3a 4b 6c ac 2a d2 71 d5 19 e2 27 45 9c 05 3b 0f ef 0e 42 91 c7 57 e3 b3 74 36 79 9a 67 95 fc 5a bd bf 5c c8 32 da ec 8b b1 7d ae 3d d2 eb 89 9c 26 cb 59 f5 a6 c8 17 fc 9c 96 8b 59 72 f9 0a Data Ascii: kw [7K<[v'yuxd3H8$$9wV,BTcs /6fXfHi^L&UJQRV,/b]Ye\lxt^t :O)B"vF:Kl*q'E;BWt6ygZ\2}=&YYr
2024-10-25 11:42:30 UTC	16384	IN	Data Raw: 1d b1 d3 8f 30 08 57 c9 90 ec dc b7 48 db dd 21 74 ed ee 62 d9 53 b4 bd 17 bb 77 38 cd 68 d8 bd 8b 2d 02 33 b6 0b ed 3d cb e7 f8 cd 7d 0f b3 bb 0f 1c cc ee 3e f4 d1 7a a7 ef 21 f5 0e d4 f6 3c 2b 25 da 5a dc b9 67 f1 3b c0 3e 1e 0c 30 01 90 1c ec 60 02 c0 38 d8 c5 04 7c 73 70 07 13 f0 c1 c1 5d 4c 00 00 07 f7 30 01 4d 1f dc c7 04 34 7b f0 00 51 05 ed 1d 3c c4 c4 00 2b ec 63 8a aa c6 ba 77 b0 ee 01 56 7e 07 2a 7f b5 9c 33 3e 06 08 95 3b 54 3b 3b f0 1a 55 84 30 2c 89 37 13 80 ba eb 5a 1c 22 79 4d ff 79 7e 48 cf e8 c9 82 bf c4 f1 79 03 ed dd f5 a2 96 09 7b 48 69 95 38 1c 61 55 c6 34 bb c2 91 1a f5 a8 ed 38 51 d6 8e d4 b5 3e d7 ea f6 b9 ca 54 01 87 1f 1d d1 1d f2 0e 5c 51 07 3a ab 5d 28 ff 7d 7d 60 01 4c 57 a2 34 3e 7c 50 b9 5e 4f a8 17 81 b6 b5 ab 05 23 84 09 Data Ascii: 0WH!tbSw8h-3=}>z!<+%Zg;>0`8\|sp]L0M4{Q<+cwV~*3>;T;;U0,7Z"yMy~Hy{Hi8aU48Q>T\Q:](}}`LW4>\|P^O#
2024-10-25 11:42:30 UTC	16384	IN	Data Raw: f1 26 57 75 6a 31 59 06 2b 6f e7 38 52 8e 1e d6 5d f3 a7 99 77 a5 da a9 15 e5 60 75 0d 9b f1 d2 dc ae e6 4f 0d 57 7f c8 af 4e a7 fa 31 cf 5b 56 2a 46 00 34 e4 09 02 b8 36 54 58 79 97 ba db 2f 98 b9 be 95 15 6b 0a d9 a8 70 ae 66 8d 1f 97 66 2c 5d 69 f4 fe 21 5c db 18 e9 54 1f 24 2b 7b d8 8e 48 61 a3 0e c6 99 a5 09 a8 24 d4 97 1f 78 e5 ae 48 a8 e4 0d 4b 13 25 8d 8c ce c8 16 29 3a c0 e0 a4 7d f6 ad ea 57 52 1d cb 37 81 d1 e0 84 a2 22 c1 9e d1 af 89 d4 75 af d3 41 48 c9 d3 14 57 29 d2 b5 59 56 35 e3 18 aa 19 c9 fe 9c cc 4b 0a 4a 25 c4 55 1d ef 5e 50 d1 fa ff 80 cd 86 ad d2 74 76 45 6e 74 d8 cf d4 93 c3 b7 6d 69 41 c6 f2 97 4d 1a d4 a1 68 6b dd 6c 6a b8 ca b4 16 74 7d ea b9 de 8b 86 78 bb a3 fc 59 cf d3 a3 d1 3a 52 85 08 0c b5 69 d7 68 69 a8 a9 34 ce d0 f7 a8 Data Ascii: &Wuj1Y+o8R]w`uOWN1[V*F46TXy/kpff,]i!\T$+{Ha$xHK%):}WR7"uAHW)YV5KJ%U^PtvEntmiAMhkljt}xY:Rihi4
2024-10-25 11:42:30 UTC	16384	IN	Data Raw: 8e e2 db 28 67 1b 54 54 80 aa c2 c6 b9 c1 45 6e f0 5a 38 8f 08 65 f2 10 6e 73 8b 95 82 42 d3 84 1a 02 62 7b 9e 52 a6 b2 0d ac 7e f0 bc 53 46 45 09 d2 61 b8 8e dd db 12 96 df ad 7d 61 35 c4 18 d0 15 86 ad 46 5d 51 93 3d d8 54 9f 3c ac 99 dd d6 0b fe f1 9d 1d 3e bd 1d 21 6f 6d ad 60 f7 78 c2 1a e1 c2 9c d0 0e 50 9a a8 29 96 f3 80 7f 79 c2 f4 44 46 98 16 32 eb f3 34 48 ce 8b 8b 41 4e 46 b7 c5 02 f8 75 54 3e e2 25 1a bd e0 6d b7 84 5f 6b cd ac 68 64 ca 04 92 a1 a1 ee f2 b1 ee 0a d9 70 7b 87 3b 76 9d 63 e4 64 0a 34 af a2 18 3f 8d a6 09 b2 bf cc c9 ee d2 9f 69 8d 4d a5 88 d4 05 22 b7 88 f6 62 f4 25 87 79 29 20 19 8e d1 04 83 0f fc 75 1a 9a 1d b1 a0 bb db 9e 18 86 ab 18 00 d3 3d 82 04 d0 46 0a 85 31 32 85 3d 32 65 fa 8f 30 2b cd 13 d4 43 d2 f4 df e7 4b b4 03 7c Data Ascii: (gTTEnZ8ensBb{R~SFEa}a5F]Q=T<>!om`xP)yDF24HANFuT>%m_khdp{;vcd4?iM"b%y) u=F12=2e0+CK\|
2024-10-25 11:42:30 UTC	16384	IN	Data Raw: be b0 b2 4f 63 1b 50 0b a1 41 2b c4 21 f0 0f 1d fc d3 59 f1 61 f6 4f 6f 6e 9a 30 24 f6 82 d5 e0 fb cd 0d f2 1d 97 c8 68 55 90 2b 3f 40 80 41 0f b8 b1 06 9c 02 a1 63 74 cf 6e 92 92 4b 0a 51 b0 d0 c6 00 a4 fd de 99 07 c0 ab 56 fb 3e d5 79 6f 20 be 74 e0 8b b1 0f 34 c4 70 ae cc 8d 08 b7 85 73 60 0b 79 e6 ea cc 43 8d 8d 01 4c c4 25 4e db a5 bb 76 3c 66 5a 40 8e 3b a2 e0 8a d4 52 6d cc 3c 02 9c ad ae d2 52 38 85 71 02 48 46 0f da ad ee 59 0c 43 b0 76 80 dd 04 78 8c 91 40 3b 1e a4 51 6d 30 30 ac 4b fb dc 62 20 d3 27 07 fa 8c a3 dd b1 e4 e0 01 c9 a0 f6 13 7f 04 55 13 98 e7 ee 0c f0 7c e2 7e 00 6c ed f5 01 5d e1 9f 31 86 8e 80 3f 00 17 b4 a7 43 0b 0a ec e2 cc 99 b2 52 27 f0 ff 05 ac 8d 31 94 3b 74 48 f5 a4 c2 81 b2 bd 8d 3a b0 ab ab 4d 62 17 08 87 db 4e b7 d9 68 Data Ascii: OcPA+!YaOon0$hU+?@ActnKQV>yo t4ps`yCL%Nv<fZ@;Rm<R8qHFYCvx@;Qm00Kb 'U\|~l]1?CR'1;tH:MbNh
2024-10-25 11:42:31 UTC	16384	IN	Data Raw: 8e a9 05 fe b9 07 1f cc 42 d3 8a 03 d0 41 e5 2c be e9 ae 94 40 ef 88 e5 82 7b 9a 22 9b 13 a0 aa 10 53 bf 75 57 2a 25 69 96 99 21 2c 2b 3f f5 80 c1 29 f1 cb 7d 9f df b7 55 4d 5c d7 26 71 02 ac e3 84 09 08 0f 97 d8 0e ff ea 2f ad aa 1f 97 c5 7c 9c cc 8a 15 d0 05 1c 48 3f b1 c1 97 a4 ae 97 82 24 27 a9 2b a8 49 4f 37 d5 73 2c 50 df ae e9 38 61 10 f8 b6 47 7d 2f 13 df 5b 6f ac c7 7b eb 59 71 68 85 b1 ed 06 8e 89 01 9f 71 10 88 0d c4 f9 0e b5 a1 06 48 01 07 43 e5 03 e0 04 07 c4 96 a0 f0 b2 51 1b 6b 81 79 17 84 34 31 49 62 81 49 61 db 91 67 d9 e2 63 85 0e dd 35 69 ec 44 96 ed 3b a6 19 e3 c1 95 5f ae c0 5c 87 ce bb 14 84 41 68 93 d0 24 60 0d d8 0e c5 7e 95 a7 62 dd 95 fc d8 a6 34 4e ec 8c 66 99 9d 86 5e e8 64 e2 4b b3 46 a5 25 8c bd 60 2f 7b 8e 49 92 d0 d5 6a 41 Data Ascii: BA,@{"SuW*%i!,+?)}UM\&q/\|H?$'+IO7s,P8aG}/[o{YqhqHCQky41IbIagc5iD;_\Ah$`~b4Nf^dKF%`/{IjA
2024-10-25 11:42:31 UTC	16384	IN	Data Raw: 4a 81 b3 bf c2 78 3f 76 42 87 5f 8d c9 b2 3e dd 7e 53 1f 6f 97 45 bf 55 0f 10 b4 73 39 6a 17 74 63 dc fb 8e 60 c6 e5 7a f6 b8 5e 31 9d 69 a5 95 c7 4c 3d b6 a2 e5 10 b5 fc c7 8e 8c 21 df 27 32 26 df 29 32 66 76 c9 91 31 f9 15 45 c6 cc ae 20 32 26 11 0e 08 61 16 2a 4c 33 fc bb 43 28 5a a7 35 66 d4 25 ae 2b 1b 68 33 a6 84 37 08 6a b0 6b bb 3e ff 8f cc c6 7f b6 7c 5a 18 82 cd c3 d5 6d 16 69 eb 79 0a e5 8d 07 f1 d0 c6 00 23 57 91 44 af c4 8d b9 e3 c5 2c 5f 6f 0f e4 a8 05 c4 e9 8f 2d 20 56 df 47 40 9c ee 24 20 b2 4b 16 10 a7 57 24 20 b2 2b 10 10 0b 79 87 42 ba e6 09 a6 af 08 48 52 1e 6b e6 0f 60 48 f1 44 96 b0 7e b9 0b ac 13 01 b6 65 97 7e 9a 36 5b 24 26 8c 2c 3d 9b d6 c5 db 4d 29 4e f8 8e 86 c8 5e 02 3f 0c be 2e 86 7d cc 2e 90 a7 c3 bb 6f 98 f5 54 45 00 1d 3c Data Ascii: Jx?vB_>~SoEUs9jtc`z^1iL=!'2&)2fv1E 2&a*L3C(Z5f%+h37jk>\|Zmiy#WD,_o- VG@$ KW$ +yBHRk`HD~e~6[$&,=M)N^?.}.oTE<
2024-10-25 11:42:31 UTC	16384	IN	Data Raw: 79 ae 45 9d fa 61 e2 bf 9e 04 2f 27 1d fd 58 57 f3 b2 a6 77 30 dd 91 d7 ef bb 96 53 92 05 48 e2 27 cf c4 b5 68 6c 91 62 ea 7f 33 09 de 4f 3a b6 91 a1 3f 0e 22 ac 31 22 7c af b5 08 16 eb bc e8 91 8b 36 dd 61 9e 7a 04 13 5d 5c 3a e4 05 89 9f cc c4 80 26 fd 2e de a2 a3 30 9c 97 e7 f1 b3 67 17 de 77 ad 56 6b 05 fe e7 47 61 da 31 58 a2 5f c2 67 f3 1f 87 63 63 84 d4 e2 33 3f cf 82 e4 c5 da ea ea f2 9a 51 9f 9b 90 dc 50 ba 89 d7 b6 81 57 57 97 36 d7 9e 01 01 0b 01 e5 f5 be fb ae 85 8f e2 fd 77 6b 71 69 e5 d9 ea da f2 d2 a2 74 11 93 4d fd b7 93 e0 d5 a4 53 9d 2f 6d ab 7d e6 d3 8c 57 a0 29 52 f6 70 62 7a de ba d8 2a ce 63 68 44 75 40 e3 ff 36 09 0e cc 51 a0 f5 ac 36 23 d1 bf 4a db 4c 56 ba c2 41 8f e1 14 2f 16 f1 d9 d2 20 f1 b8 03 47 e6 5d 97 37 08 a1 11 a6 39 e9 Data Ascii: yEa/'XWw0SH'hlb3O:?"1"\|6az]\:&.0gwVkGa1X_gcc3?QPWW6wkqitMS/m}W)Rpbz*chDu@6Q6#JLVA/ G]79
2024-10-25 11:42:31 UTC	16384	IN	Data Raw: 89 db 0c 2f 68 c8 81 2f 3c a2 a9 66 cd 1d 5a 2d df c1 7b 1a a2 82 12 89 a6 e0 09 4d 9b ec 56 ab 5d 78 4b 43 72 3f 0f af 69 5a 6f de 94 72 3f 63 0e 6f 29 f6 79 01 60 c2 69 03 c4 82 47 35 2d d7 69 2a 0f c3 12 9e ac 96 52 16 70 8a e3 ac 68 4b 2f da 62 6f a9 28 1f d3 75 56 ee ad 5e 0e d5 c2 b0 dc a1 97 84 ec 2c 2b 76 a0 17 3b 60 e7 38 47 78 63 68 8d ad 28 6e a5 2b 73 94 47 b2 0e 69 6a 12 bb d2 6a b1 2b b3 0b af 09 aa 7b 2d d8 11 3b af 1b 0b 76 58 6e 24 bf 8a df f6 18 b2 b1 ed 90 a0 30 72 c8 2f 23 3c 81 25 da 53 99 b2 94 bf 4e 59 0a d0 8c b1 4d c8 46 cc 1c 8a dc 5c 8b 59 af 8c b2 97 52 5c ce 33 6d a7 d2 dc 3e 93 47 0d d0 10 4d 98 eb aa 9f 90 df 5f 54 0c 4b a4 d9 f2 8e 60 a2 57 10 e5 0e 44 0a 1c b9 29 de 92 8a 91 88 94 81 b8 00 15 63 ca 19 64 91 c8 b0 e8 ca d8 Data Ascii: /h/<fZ-{MV]xKCr?iZor?co)y`iG5-i*RphK/bo(uV^,+v;`8Gxch(n+sGijj+{-;vXn$0r/#<%SNYMF\YR\3m>GM_TK`WD)cd
2024-10-25 11:42:31 UTC	16384	IN	Data Raw: 38 b2 1d a3 e4 76 84 22 8f ee 06 16 56 66 51 56 1e 9e 46 19 5c 36 ad f2 58 f9 42 61 75 52 25 15 b6 9c 86 2d 88 fd 7f ef 34 b3 8f 9f d0 9b 48 63 2d 68 c4 ed 54 7b 69 87 99 03 e4 6b ba cd 6b 17 21 db 59 78 f7 56 03 0f b6 0a 20 19 39 02 0d 0f 1c 79 6f 96 b8 a3 98 e8 ce 3e 3f a3 1c b6 a1 1f 00 20 04 54 88 8e cf 9f 28 cb cb e8 7d 61 10 70 56 48 cd f7 4e 3d 67 5d 66 30 8b d6 73 cd 33 82 d8 c3 26 c5 f0 de 38 ff 36 e1 ad 0e 7f da db d9 87 75 85 0b b4 cf ef 4f 0c 80 d0 c4 70 28 c1 32 45 83 59 f9 84 8d 72 e8 ba c3 38 92 7d bf 04 fa 6e 67 3f f8 29 bd ce 41 7a 4f 5d b8 a7 01 dd d3 ed e2 d5 71 d1 90 4e 4d 2d 9e 0a 28 c3 1b b2 c4 7e 1c 05 c8 19 3f 05 8c 0e 68 51 ba 9a a8 9e 48 b8 71 2c 39 a1 ee 3b 87 90 64 38 3e 53 20 c7 9c 63 1f 43 9f 43 7d 20 e9 06 78 20 31 28 47 8d Data Ascii: 8v"VfQVF\6XBauR%-4Hc-hT{ikk!YxV 9yo>? T(}apVHN=g]f0s3&86uOp(2EYr8}ng?)AzO]qNM-(~?hQHq,9;d8>S cCC} x 1(G

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:32 UTC	413	OUT	GET /shared/5/js/reset-password-signinname_en-gb_YGuA5M2JeZTG051RaehFAQ2.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:32 UTC	813	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:32 GMT Content-Type: application/x-javascript Content-Length: 171978 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 15 Oct 2024 15:11:34 GMT ETag: 0x8DCED2BA8908C81 x-ms-request-id: 14e54fad-c01e-0039-1ad2-26384a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241025T114232Z-16849878b785f8wh85a0w3ennn0000000970000000000fgg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-25 11:42:32 UTC	15571	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 6b 77 db b8 b2 20 fa fd fe 0a 5b 37 4b 8b 3c 86 15 c9 ce 93 0a 5b 93 c4 76 27 dd 79 75 1e dd e9 f6 f6 78 d1 12 64 33 91 48 85 a4 ec 38 b6 fe fb ad 07 9e 24 e5 24 fb cc 99 39 77 b2 56 2c 10 04 81 42 a1 00 54 15 aa 0a b7 ff 63 73 e3 20 2f 36 66 e9 58 66 a5 dc 48 b3 69 5e cc 93 2a cd b3 8d c5 4c 26 90 55 4a b9 51 c8 52 56 db 8b a4 2c 2f f2 62 b2 5d a6 a7 59 9a 65 c9 5c 1e cb 6c fb f4 a4 f7 a9 ec bd 78 fe 74 ff d5 bb fd 5e f5 b5 da f8 8f db ff cf e6 74 99 8d b1 9a 20 bc 3a 4f 8a 0d 29 2a 91 89 42 e4 22 8d af ee 0e 76 ef 46 a6 00 bd 0a af 3a 4b 6c ac 2a d2 71 d5 19 e2 27 45 9c 05 3b 0f ef 0e 42 91 c7 57 e3 b3 74 36 79 9a 67 95 fc 5a bd bf 5c c8 32 da ec 8b b1 7d ae 3d d2 eb 89 9c 26 cb 59 f5 a6 c8 17 fc 9c 96 8b 59 72 f9 0a Data Ascii: kw [7K<[v'yuxd3H8$$9wV,BTcs /6fXfHi^L&UJQRV,/b]Ye\lxt^t :O)B"vF:Kl*q'E;BWt6ygZ\2}=&YYr
2024-10-25 11:42:32 UTC	16384	IN	Data Raw: 25 0d 24 ef 73 fb d0 18 3c 40 25 8f 67 98 0b df bf c1 68 4f 1d b1 d3 8f 30 08 57 c9 90 ec dc b7 48 db dd 21 74 ed ee 62 d9 53 b4 bd 17 bb 77 38 cd 68 d8 bd 8b 2d 02 33 b6 0b ed 3d cb e7 f8 cd 7d 0f b3 bb 0f 1c cc ee 3e f4 d1 7a a7 ef 21 f5 0e d4 f6 3c 2b 25 da 5a dc b9 67 f1 3b c0 3e 1e 0c 30 01 90 1c ec 60 02 c0 38 d8 c5 04 7c 73 70 07 13 f0 c1 c1 5d 4c 00 00 07 f7 30 01 4d 1f dc c7 04 34 7b f0 00 51 05 ed 1d 3c c4 c4 00 2b ec 63 8a aa c6 ba 77 b0 ee 01 56 7e 07 2a 7f b5 9c 33 3e 06 08 95 3b 54 3b 3b f0 1a 55 84 30 2c 89 37 13 80 ba eb 5a 1c 22 79 4d ff 79 7e 48 cf e8 c9 82 bf c4 f1 79 03 ed dd f5 a2 96 09 7b 48 69 95 38 1c 61 55 c6 34 bb c2 91 1a f5 a8 ed 38 51 d6 8e d4 b5 3e d7 ea f6 b9 ca 54 01 87 1f 1d d1 1d f2 0e 5c 51 07 3a ab 5d 28 ff 7d 7d 60 01 Data Ascii: %$s<@%ghO0WH!tbSw8h-3=}>z!<+%Zg;>0`8\|sp]L0M4{Q<+cwV~*3>;T;;U0,7Z"yMy~Hy{Hi8aU48Q>T\Q:](}}`
2024-10-25 11:42:32 UTC	16384	IN	Data Raw: 04 4a b5 2e 5d 2f b8 89 88 e6 1d d9 47 56 79 4f 18 5c 14 b1 f1 26 57 75 6a 31 59 06 2b 6f e7 38 52 8e 1e d6 5d f3 a7 99 77 a5 da a9 15 e5 60 75 0d 9b f1 d2 dc ae e6 4f 0d 57 7f c8 af 4e a7 fa 31 cf 5b 56 2a 46 00 34 e4 09 02 b8 36 54 58 79 97 ba db 2f 98 b9 be 95 15 6b 0a d9 a8 70 ae 66 8d 1f 97 66 2c 5d 69 f4 fe 21 5c db 18 e9 54 1f 24 2b 7b d8 8e 48 61 a3 0e c6 99 a5 09 a8 24 d4 97 1f 78 e5 ae 48 a8 e4 0d 4b 13 25 8d 8c ce c8 16 29 3a c0 e0 a4 7d f6 ad ea 57 52 1d cb 37 81 d1 e0 84 a2 22 c1 9e d1 af 89 d4 75 af d3 41 48 c9 d3 14 57 29 d2 b5 59 56 35 e3 18 aa 19 c9 fe 9c cc 4b 0a 4a 25 c4 55 1d ef 5e 50 d1 fa ff 80 cd 86 ad d2 74 76 45 6e 74 d8 cf d4 93 c3 b7 6d 69 41 c6 f2 97 4d 1a d4 a1 68 6b dd 6c 6a b8 ca b4 16 74 7d ea b9 de 8b 86 78 bb a3 fc 59 cf Data Ascii: J.]/GVyO\&Wuj1Y+o8R]w`uOWN1[V*F46TXy/kpff,]i!\T$+{Ha$xHK%):}WR7"uAHW)YV5KJ%U^PtvEntmiAMhkljt}xY
2024-10-25 11:42:32 UTC	16384	IN	Data Raw: 24 80 8e 96 ce 9b 78 e3 3a c7 29 25 51 2b 63 38 8c 1b 79 34 8e e2 db 28 67 1b 54 54 80 aa c2 c6 b9 c1 45 6e f0 5a 38 8f 08 65 f2 10 6e 73 8b 95 82 42 d3 84 1a 02 62 7b 9e 52 a6 b2 0d ac 7e f0 bc 53 46 45 09 d2 61 b8 8e dd db 12 96 df ad 7d 61 35 c4 18 d0 15 86 ad 46 5d 51 93 3d d8 54 9f 3c ac 99 dd d6 0b fe f1 9d 1d 3e bd 1d 21 6f 6d ad 60 f7 78 c2 1a e1 c2 9c d0 0e 50 9a a8 29 96 f3 80 7f 79 c2 f4 44 46 98 16 32 eb f3 34 48 ce 8b 8b 41 4e 46 b7 c5 02 f8 75 54 3e e2 25 1a bd e0 6d b7 84 5f 6b cd ac 68 64 ca 04 92 a1 a1 ee f2 b1 ee 0a d9 70 7b 87 3b 76 9d 63 e4 64 0a 34 af a2 18 3f 8d a6 09 b2 bf cc c9 ee d2 9f 69 8d 4d a5 88 d4 05 22 b7 88 f6 62 f4 25 87 79 29 20 19 8e d1 04 83 0f fc 75 1a 9a 1d b1 a0 bb db 9e 18 86 ab 18 00 d3 3d 82 04 d0 46 0a 85 31 32 Data Ascii: $x:)%Q+c8y4(gTTEnZ8ensBb{R~SFEa}a5F]Q=T<>!om`xP)yDF24HANFuT>%m_khdp{;vcd4?iM"b%y) u=F12
2024-10-25 11:42:32 UTC	16384	IN	Data Raw: 40 43 00 e7 51 92 13 c5 82 eb 00 02 cb 07 fd b3 36 dc 96 a4 be b0 b2 4f 63 1b 50 0b a1 41 2b c4 21 f0 0f 1d fc d3 59 f1 61 f6 4f 6f 6e 9a 30 24 f6 82 d5 e0 fb cd 0d f2 1d 97 c8 68 55 90 2b 3f 40 80 41 0f b8 b1 06 9c 02 a1 63 74 cf 6e 92 92 4b 0a 51 b0 d0 c6 00 a4 fd de 99 07 c0 ab 56 fb 3e d5 79 6f 20 be 74 e0 8b b1 0f 34 c4 70 ae cc 8d 08 b7 85 73 60 0b 79 e6 ea cc 43 8d 8d 01 4c c4 25 4e db a5 bb 76 3c 66 5a 40 8e 3b a2 e0 8a d4 52 6d cc 3c 02 9c ad ae d2 52 38 85 71 02 48 46 0f da ad ee 59 0c 43 b0 76 80 dd 04 78 8c 91 40 3b 1e a4 51 6d 30 30 ac 4b fb dc 62 20 d3 27 07 fa 8c a3 dd b1 e4 e0 01 c9 a0 f6 13 7f 04 55 13 98 e7 ee 0c f0 7c e2 7e 00 6c ed f5 01 5d e1 9f 31 86 8e 80 3f 00 17 b4 a7 43 0b 0a ec e2 cc 99 b2 52 27 f0 ff 05 ac 8d 31 94 3b 74 48 f5 Data Ascii: @CQ6OcPA+!YaOon0$hU+?@ActnKQV>yo t4ps`yCL%Nv<fZ@;Rm<R8qHFYCvx@;Qm00Kb 'U\|~l]1?CR'1;tH
2024-10-25 11:42:33 UTC	16384	IN	Data Raw: 52 42 d3 04 5c 32 70 e1 43 6a a7 42 49 fc aa ab b5 3a 81 ce 8e a9 05 fe b9 07 1f cc 42 d3 8a 03 d0 41 e5 2c be e9 ae 94 40 ef 88 e5 82 7b 9a 22 9b 13 a0 aa 10 53 bf 75 57 2a 25 69 96 99 21 2c 2b 3f f5 80 c1 29 f1 cb 7d 9f df b7 55 4d 5c d7 26 71 02 ac e3 84 09 08 0f 97 d8 0e ff ea 2f ad aa 1f 97 c5 7c 9c cc 8a 15 d0 05 1c 48 3f b1 c1 97 a4 ae 97 82 24 27 a9 2b a8 49 4f 37 d5 73 2c 50 df ae e9 38 61 10 f8 b6 47 7d 2f 13 df 5b 6f ac c7 7b eb 59 71 68 85 b1 ed 06 8e 89 01 9f 71 10 88 0d c4 f9 0e b5 a1 06 48 01 07 43 e5 03 e0 04 07 c4 96 a0 f0 b2 51 1b 6b 81 79 17 84 34 31 49 62 81 49 61 db 91 67 d9 e2 63 85 0e dd 35 69 ec 44 96 ed 3b a6 19 e3 c1 95 5f ae c0 5c 87 ce bb 14 84 41 68 93 d0 24 60 0d d8 0e c5 7e 95 a7 62 dd 95 fc d8 a6 34 4e ec 8c 66 99 9d 86 5e Data Ascii: RB\2pCjBI:BA,@{"SuW*%i!,+?)}UM\&q/\|H?$'+IO7s,P8aG}/[o{YqhqHCQky41IbIagc5iD;_\Ah$`~b4Nf^
2024-10-25 11:42:33 UTC	16384	IN	Data Raw: 32 20 f0 cf e3 e9 12 93 3c 5a 5a 61 86 df 18 68 c6 c9 0e e7 4a 81 b3 bf c2 78 3f 76 42 87 5f 8d c9 b2 3e dd 7e 53 1f 6f 97 45 bf 55 0f 10 b4 73 39 6a 17 74 63 dc fb 8e 60 c6 e5 7a f6 b8 5e 31 9d 69 a5 95 c7 4c 3d b6 a2 e5 10 b5 fc c7 8e 8c 21 df 27 32 26 df 29 32 66 76 c9 91 31 f9 15 45 c6 cc ae 20 32 26 11 0e 08 61 16 2a 4c 33 fc bb 43 28 5a a7 35 66 d4 25 ae 2b 1b 68 33 a6 84 37 08 6a b0 6b bb 3e ff 8f cc c6 7f b6 7c 5a 18 82 cd c3 d5 6d 16 69 eb 79 0a e5 8d 07 f1 d0 c6 00 23 57 91 44 af c4 8d b9 e3 c5 2c 5f 6f 0f e4 a8 05 c4 e9 8f 2d 20 56 df 47 40 9c ee 24 20 b2 4b 16 10 a7 57 24 20 b2 2b 10 10 0b 79 87 42 ba e6 09 a6 af 08 48 52 1e 6b e6 0f 60 48 f1 44 96 b0 7e b9 0b ac 13 01 b6 65 97 7e 9a 36 5b 24 26 8c 2c 3d 9b d6 c5 db 4d 29 4e f8 8e 86 c8 5e 02 Data Ascii: 2 <ZZahJx?vB_>~SoEUs9jtc`z^1iL=!'2&)2fv1E 2&a*L3C(Z5f%+h37jk>\|Zmiy#WD,_o- VG@$ KW$ +yBHRk`HD~e~6[$&,=M)N^
2024-10-25 11:42:33 UTC	16384	IN	Data Raw: 1e 1e e4 74 3b 9d 74 58 b8 7d 3a c1 59 c4 9d 76 c6 9f 3d 2c 79 ae 45 9d fa 61 e2 bf 9e 04 2f 27 1d fd 58 57 f3 b2 a6 77 30 dd 91 d7 ef bb 96 53 92 05 48 e2 27 cf c4 b5 68 6c 91 62 ea 7f 33 09 de 4f 3a b6 91 a1 3f 0e 22 ac 31 22 7c af b5 08 16 eb bc e8 91 8b 36 dd 61 9e 7a 04 13 5d 5c 3a e4 05 89 9f cc c4 80 26 fd 2e de a2 a3 30 9c 97 e7 f1 b3 67 17 de 77 ad 56 6b 05 fe e7 47 61 da 31 58 a2 5f c2 67 f3 1f 87 63 63 84 d4 e2 33 3f cf 82 e4 c5 da ea ea f2 9a 51 9f 9b 90 dc 50 ba 89 d7 b6 81 57 57 97 36 d7 9e 01 01 0b 01 e5 f5 be fb ae 85 8f e2 fd 77 6b 71 69 e5 d9 ea da f2 d2 a2 74 11 93 4d fd b7 93 e0 d5 a4 53 9d 2f 6d ab 7d e6 d3 8c 57 a0 29 52 f6 70 62 7a de ba d8 2a ce 63 68 44 75 40 e3 ff 36 09 0e cc 51 a0 f5 ac 36 23 d1 bf 4a db 4c 56 ba c2 41 8f e1 14 Data Ascii: t;tX}:Yv=,yEa/'XWw0SH'hlb3O:?"1"\|6az]\:&.0gwVkGa1X_gcc3?QPWW6wkqitMS/m}W)Rpbz*chDu@6Q6#JLVA
2024-10-25 11:42:33 UTC	16384	IN	Data Raw: 8b 62 c3 5b 9a aa c1 8d ab d5 31 3c aa 61 6a 26 be 30 f1 9a 89 db 0c 2f 68 c8 81 2f 3c a2 a9 66 cd 1d 5a 2d df c1 7b 1a a2 82 12 89 a6 e0 09 4d 9b ec 56 ab 5d 78 4b 43 72 3f 0f af 69 5a 6f de 94 72 3f 63 0e 6f 29 f6 79 01 60 c2 69 03 c4 82 47 35 2d d7 69 2a 0f c3 12 9e ac 96 52 16 70 8a e3 ac 68 4b 2f da 62 6f a9 28 1f d3 75 56 ee ad 5e 0e d5 c2 b0 dc a1 97 84 ec 2c 2b 76 a0 17 3b 60 e7 38 47 78 63 68 8d ad 28 6e a5 2b 73 94 47 b2 0e 69 6a 12 bb d2 6a b1 2b b3 0b af 09 aa 7b 2d d8 11 3b af 1b 0b 76 58 6e 24 bf 8a df f6 18 b2 b1 ed 90 a0 30 72 c8 2f 23 3c 81 25 da 53 99 b2 94 bf 4e 59 0a d0 8c b1 4d c8 46 cc 1c 8a dc 5c 8b 59 af 8c b2 97 52 5c ce 33 6d a7 d2 dc 3e 93 47 0d d0 10 4d 98 eb aa 9f 90 df 5f 54 0c 4b a4 d9 f2 8e 60 a2 57 10 e5 0e 44 0a 1c b9 29 Data Ascii: b[1<aj&0/h/<fZ-{MV]xKCr?iZor?co)y`iG5-i*RphK/bo(uV^,+v;`8Gxch(n+sGijj+{-;vXn$0r/#<%SNYMF\YR\3m>GM_TK`WD)
2024-10-25 11:42:33 UTC	16384	IN	Data Raw: 3e 9d 5b 4c db a5 b4 fb 18 b1 ec 3e 00 81 db 65 8a c5 c6 b8 38 b2 1d a3 e4 76 84 22 8f ee 06 16 56 66 51 56 1e 9e 46 19 5c 36 ad f2 58 f9 42 61 75 52 25 15 b6 9c 86 2d 88 fd 7f ef 34 b3 8f 9f d0 9b 48 63 2d 68 c4 ed 54 7b 69 87 99 03 e4 6b ba cd 6b 17 21 db 59 78 f7 56 03 0f b6 0a 20 19 39 02 0d 0f 1c 79 6f 96 b8 a3 98 e8 ce 3e 3f a3 1c b6 a1 1f 00 20 04 54 88 8e cf 9f 28 cb cb e8 7d 61 10 70 56 48 cd f7 4e 3d 67 5d 66 30 8b d6 73 cd 33 82 d8 c3 26 c5 f0 de 38 ff 36 e1 ad 0e 7f da db d9 87 75 85 0b b4 cf ef 4f 0c 80 d0 c4 70 28 c1 32 45 83 59 f9 84 8d 72 e8 ba c3 38 92 7d bf 04 fa 6e 67 3f f8 29 bd ce 41 7a 4f 5d b8 a7 01 dd d3 ed e2 d5 71 d1 90 4e 4d 2d 9e 0a 28 c3 1b b2 c4 7e 1c 05 c8 19 3f 05 8c 0e 68 51 ba 9a a8 9e 48 b8 71 2c 39 a1 ee 3b 87 90 64 38 Data Ascii: >[L>e8v"VfQVF\6XBauR%-4Hc-hT{ikk!YxV 9yo>? T(}apVHN=g]f0s3&86uOp(2EYr8}ng?)AzO]qNM-(~?hQHq,9;d8

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Quarantined Messages (1).zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A6552BDB-637B-4B80-9BF4-9E8A44188DD8

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3AB0216D.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement (002).html

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement (002).html:Zone.Identifier

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement.html

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement.html:Zone.Identifier

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{3A19177D-6A05-4DA3-942A-096735489E7D}.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{52CCAAB9-1B51-49B0-A97B-0305AC9F418A}.tmp

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729856508673389200_C96BA15F-8CDB-42C8-B5BF-538C26644024.log

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1729856508674330200_C96BA15F-8CDB-42C8-B5BF-538C26644024.log

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241025T0741480400-3700.etl

C:\Users\user\AppData\Local\Temp\mso3475.tmp

C:\Users\user\AppData\Local\Temp\olk28EA.tmp

Windows Analysis Report
Quarantined Messages (1).zip

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:32 UTC	608	OUT	GET /shared/5/chunks/oneds-analytics-js_077217740c853b5d4fe8.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://account.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:32 UTC	819	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:32 GMT Content-Type: application/x-javascript Content-Length: 32811 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 09 Aug 2024 21:16:17 GMT ETag: 0x8DCB8B881BE95D6 x-ms-request-id: b285292d-b01e-000f-80ab-268a97000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241025T114232Z-r197bdfb6b429k2s6br3k49qn400000006p0000000002xgw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-10-25 11:42:32 UTC	15565	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 69 77 db 38 b3 3f f8 7e 3e 85 c4 e9 f1 25 db b0 22 39 4b 27 52 18 9d c4 71 3a ce 66 77 ec 2c dd 6e 5f 1f 5a 82 6c b6 65 52 4d 52 5e 62 e9 bb 4f fd 0a 0b 41 8a 4e f2 9c ff 9d 79 71 fb 74 2c 62 21 08 14 0a 85 aa 42 55 e1 de af ed d6 ab 34 6b 4d e3 91 4c 72 d9 8a 93 49 9a 5d 44 45 9c 26 ad d9 54 46 94 95 4b d9 4a 13 39 ce 37 a2 24 9a de 14 f1 28 df f8 27 3f ee fe f6 db 66 ef b7 df 1e 74 47 8f 1f de 3f 79 38 7e 30 91 8f 3b ff e4 9d 77 3b 5b db 1f f6 b7 3b c5 75 d1 fa f5 de ff e5 cd d1 44 91 c5 a3 c2 1b f8 b9 9c 4e 3a 57 f2 64 16 8d ce b7 ce e6 c9 f9 f1 45 1e 8f 65 52 c4 c5 cd 71 1e e7 73 4a 47 e1 4f d5 5a 2c 0e 8f 82 ce 6c 9e 9f f9 87 87 0f 7e eb 1d 89 db cd cd df 1e f7 27 f3 64 84 ee fb 89 90 a2 08 6e 8b 4e e6 cb 40 14 9d Data Ascii: iw8?~>%"9K'Rq:fw,n_ZleRMR^bOANyqt,b!BU4kMLrI]DE&TFKJ97$('?ftG?y8~0;w;[;uDN:WdEeRqsJGOZ,l~'dnN@
2024-10-25 11:42:32 UTC	16384	IN	Data Raw: 7d ed 52 dc 70 af e6 f3 3f e8 25 f5 f0 ff d7 fe 25 ce 31 b8 06 af 71 1f 5f ed 9d 5c f7 74 ef 4c df cc 9e 34 fc 2b 3e c4 89 e7 91 7d e8 e3 6f a5 79 ea 98 eb ae 62 e3 88 d0 00 9e 6d f4 86 f4 db 77 72 8f 75 ee b1 a7 4e 0a 98 cd 48 c3 1a 17 45 db 40 3a 9b 4f 89 80 ef ce 60 76 4b 44 73 ff 26 27 f9 61 27 99 a4 06 ce bc e1 15 a1 09 a7 cf 1c a8 8d 8a 02 53 37 27 e1 79 30 3f 2d 73 10 b0 b4 52 45 65 a8 eb 33 32 c3 fd b8 bd aa 5e aa 26 53 f7 52 35 33 8b 70 46 e5 49 eb 30 03 ab 00 4d 09 1b 6a a3 e8 a4 ea ee e6 4e 5e 5e 4d a2 41 43 79 95 7a ee 8c 66 55 5e 8b c4 48 e5 6a 9c 92 9c 77 89 58 7b 29 6d ba 29 84 e3 84 b7 7a f5 8b e6 53 15 a3 24 ee 10 6e 15 b8 43 93 e3 c6 aa b7 9d 4c 92 18 23 22 8c f6 6a 3a e7 3e ba f2 ec 5e 9d 56 13 3f a4 2c 6b d3 1f 73 27 dd 3b 38 13 6d 43 Data Ascii: }Rp?%%1q_\tL4+>}oybmwruNHE@:O`vKDs&'a'S7'y0?-sREe32^&SR53pFI0MjN^^MACyzfU^HjwX{)m)zS$nCL#"j:>^V?,ks';8mC
2024-10-25 11:42:32 UTC	862	IN	Data Raw: 0b 1f 65 9b 96 67 0f 20 14 80 06 f7 e2 b5 db d6 c5 b4 c6 5f e1 7b 76 1b 9d a4 e9 6e 9a 5c c9 36 df 14 3a a1 47 d0 e6 00 88 d8 cb a3 30 41 78 cf 37 25 ca 2b 3e 60 ed a5 aa 8d 3e b1 ad 34 e9 15 75 67 50 a0 46 bb a6 5f ba e2 9b cb 04 07 93 40 5c 16 9d 00 ca 3e 80 25 94 2b 0d 7d a7 b8 f2 7b 9c 0f 81 b6 e6 a4 42 2b 4d 67 df ad 1c c2 6a 6a 2b c5 1d da d0 1a 13 bc 76 0c 6f b0 01 2d cd 69 36 32 b3 b1 61 89 73 7e d1 48 48 ae 58 07 06 be 0e 9a 29 24 b4 42 eb b3 33 30 e3 ac 59 a7 95 73 92 ac 5a 37 c8 01 f1 6e 70 24 b9 ea 6b 78 a5 f0 eb 4e 72 99 1e 24 a7 f4 2b 86 71 68 49 38 c1 ae 39 36 72 95 d6 c2 f6 d1 b0 ea 68 19 8e 93 78 3c 86 7b db cf e2 31 10 22 e1 00 a7 32 cd 00 81 da 73 9d 15 11 a1 5b 69 f1 d5 88 84 a3 8d 18 bd ae f9 f2 f9 75 df ea be c5 3e cb 14 48 d9 af 37 Data Ascii: eg _{vn\6:G0Ax7%+>`>4ugPF_@\>%+}{B+Mgjj+vo-i62as~HHX)$B30YsZ7np$kxNr$+qhI896rhx<{1"2s[iu>H7

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:32 UTC	634	OUT	GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:32 UTC	800	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:32 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:25 GMT ETag: 0x8DB772562988611 x-ms-request-id: 8e61f68b-501e-005a-605e-269a1c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241025T114232Z-15b8d89586flzzks5bs37v2b9000000004tg0000000027b9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-25 11:42:32 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:32 UTC	621	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:32 UTC	799	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:32 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:22 GMT ETag: 0x8DB7725611C3E0C x-ms-request-id: 0bb4814b-601e-0075-7925-26dfc5000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241025T114232Z-16849878b7898p5f6vryaqvp58000000018g00000000abf2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-25 11:42:32 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:33 UTC	600	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:33 UTC	764	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:33 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Thu, 24 Oct 2024 04:46:02 GMT ETag: 0x8DCF3E6C39DC67F x-ms-request-id: c9935769-b01e-00e8-2557-26da3d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241025T114233Z-15b8d89586fnsf5zd126eyaetw00000001kg00000000849u x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-10-25 11:42:33 UTC	15620	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-10-25 11:42:33 UTC	1554	IN	Data Raw: 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333

Timestamp	Bytes transferred	Direction	Data
2024-10-25 11:42:34 UTC	364	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-25 11:42:35 UTC	744	IN	HTTP/1.1 200 OK Date: Fri, 25 Oct 2024 11:42:34 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Fri, 25 Oct 2024 04:51:35 GMT ETag: 0x8DCF4B0B4216162 x-ms-request-id: 02ed5214-401e-007a-1fd2-265eeb000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20241025T114234Z-r197bdfb6b4tq6ldv3s2dcykm8000000032g0000000055gp x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-25 11:42:35 UTC	15640	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-10-25 11:42:35 UTC	1534	IN	Data Raw: 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"

Target ID:	0
Start time:	07:41:27
Start date:	25/10/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff79f960000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	11
Start time:	07:41:48
Start date:	25/10/2024
Path:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Quarantined Messages (1)\b013e97a-82ac-47e2-7d71-08dcf47b0758\0e7d1db5-47bc-5f6e-656b-d3675529b6d6.eml"
Imagebase:	0xcd0000
File size:	34'446'744 bytes
MD5 hash:	91A5292942864110ED734005B7E005C0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	12
Start time:	07:41:51
Start date:	25/10/2024
Path:	C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9CA74039-B771-4B3F-B00D-C96353AB08AD" "FD2F9C2B-C426-4778-9DB9-81A63FFABB3E" "3700" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase:	0x7ff6db340000
File size:	710'048 bytes
MD5 hash:	EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	14
Start time:	07:42:02
Start date:	25/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\P260A8DK\SignedContractAgreement.html
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre